Troubleshooting Active Directory

Active Directory Single Sign-On error

An error appears in the Eocortex Client application logs when attempting to use Active Directory pass-through authentication.

Warning

The Eocortex server version must be at least 4.1.73.

Solution

  1. Add SPN records. Run the following commands from an elevated command prompt (as Administrator) for the domain service accounts:

    setspn -S HTTP/server_name [Service account]
    setspn -S HTTP/fqdn-server_name [Service account]
    setspn -S HTTP/server_name:server_port [Service account]
    setspn -S HTTP/fqdn-server_name:server_port [Service account]
    
  2. If there are issues with TGS requests when connecting to the server, configure the Kerberos encryption group policy:

    • Press Win + R, type gpedit.msc, and press Enter.

    • In the Local Group Policy Editor, navigate to Security Settings.

    • In the right pane, select the policy Network security: Configure encryption types allowed for Kerberos.

    • Enable the following encryption types:

      • RC4-HMAC-MD5

      • AES256-CTS-HMAC-SHA1

      • AES128-CTS-HMAC-SHA1
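
To confirm that both steps took effect, the following PowerShell check (an added example, not part of the Eocortex documentation) queries each SPN, decodes the encryption-type bitmask written by the local policy, and requests a service ticket. The `$Server*` values are placeholders mirroring the commands above and `Get-EnabledEncTypes` is a helper name chosen for this example; the registry path and bit values are the ones Windows uses for this policy.

```powershell
# Placeholders mirroring the setspn commands above; replace with real values.
$ServerName = 'server_name'
$ServerFqdn = 'fqdn-server_name'
$ServerPort = 'server_port'

# Bit flags stored by "Network security: Configure encryption types allowed for Kerberos".
$EncTypes = [ordered]@{
    'DES-CBC-CRC'          = 0x01
    'DES-CBC-MD5'          = 0x02
    'RC4-HMAC-MD5'         = 0x04
    'AES128-CTS-HMAC-SHA1' = 0x08
    'AES256-CTS-HMAC-SHA1' = 0x10
}
$Required = 'RC4-HMAC-MD5', 'AES128-CTS-HMAC-SHA1', 'AES256-CTS-HMAC-SHA1'

function Get-EnabledEncTypes([long]$Mask) {
    # Return the name of every encryption type whose bit is set in $Mask.
    $EncTypes.GetEnumerator() | Where-Object { $Mask -band $_.Value } | ForEach-Object { $_.Key }
}

# 1. Each SPN should be found on exactly one account (the service account).
$spns = "HTTP/$ServerName", "HTTP/$ServerFqdn", "HTTP/${ServerName}:$ServerPort", "HTTP/${ServerFqdn}:$ServerPort"
foreach ($spn in $spns) {
    Write-Host "== $spn"
    setspn -Q $spn
}

# 2. Decode the value the policy writes to the registry on this machine.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
$value = (Get-ItemProperty -Path $key -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue).SupportedEncryptionTypes
if ($null -eq $value) {
    Write-Host 'Policy not configured: operating system defaults apply.'
} else {
    $enabled = @(Get-EnabledEncTypes $value)
    $missing = @($Required | Where-Object { $_ -notin $enabled })
    Write-Host "Enabled: $($enabled -join ', ')"
    if ($missing.Count) { Write-Warning "Not enabled: $($missing -join ', ')" }
}

# 3. Request a service ticket (TGS) for the server and print the result.
klist get "HTTP/$ServerFqdn"
```

In the `klist` output, the "KerbTicket Encryption Type" line shows which of the enabled types the issued ticket actually uses.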

Related references

Active Directory Single Sign-On