OTRS 5 Login not working regulary

Moderator: crythias

Post Reply
tsch157
Znuny newbie
Posts: 16
Joined: 20 Mar 2017, 11:45
Znuny Version: OTRS 5

OTRS 5 Login not working regulary

Post by tsch157 »

Hello!

We have an issue with the login to our OTRS. Our login suddenly stops working without any regularities. After some time the login works again without any actions performed by us. This error is totally random, neither we could find a way to reproduce it, nor there were any errors in our OTRS logs, apache logs or syslogs. The login simply doesn´t proceed with the message that the login credentials are invalid. We checked the AD, our Firewall, and our DNS settings, there seems to be no issue so far.

OTRS is running on a VM with Debian Jessie, our DC is running on Windows Server 2012 R2. We migrated our previous OTRS 3.0 from a dedicated machine to a VM and updated it in steps up to OTRS 5.

Does anybody have an idea where this issues comes from? Because of its randomness, it´s hard for us to grab any error here. I´d be very thankful for any ideas. I´ll glady provide any information that is required to resolve this issue.

Thanks alot in advance and best greetings!
wurzel
Znuny guru
Posts: 3224
Joined: 08 Jul 2010, 22:25
Znuny Version: x.x.x
Real Name: Florian

Re: OTRS 5 Login not working regulary

Post by wurzel »

Hi,

check your logs.


I make a lucky guess and say: Check your DNS

Florian
OTRS 8 SILVER (Prod)
OTRS 8 auf Debian 11 (Test)
Znuny 7.x latest version testing auf Debian 11

-- Ich beantworte keine Forums-Fragen PN - No PN please

I won't answer to unfriendly users any more. A greeting and regards are just polite.
tsch157
Znuny newbie
Posts: 16
Joined: 20 Mar 2017, 11:45
Znuny Version: OTRS 5

Re: OTRS 5 Login not working regulary

Post by tsch157 »

Hi Florian,

like I said, we already checked several logs and could not find any hint. Could you advise me what specific logs I should check? Maybe there are some more OTRS specific logs I did not check because I don´t know about them.

Best regards!
wurzel
Znuny guru
Posts: 3224
Joined: 08 Jul 2010, 22:25
Znuny Version: x.x.x
Real Name: Florian

Re: OTRS 5 Login not working regulary

Post by wurzel »

Hi,

your apache error log and the otrs log. This should be located in your syslog, depending on your Core::Log settings.

And it could be helpful to switch to Debug Mode Log Level for searching the error.


You also could past your log file (parts of it). Maybe someone here would find something useful :-)

Regards
Florian
OTRS 8 SILVER (Prod)
OTRS 8 auf Debian 11 (Test)
Znuny 7.x latest version testing auf Debian 11

-- Ich beantworte keine Forums-Fragen PN - No PN please

I won't answer to unfriendly users any more. A greeting and regards are just polite.
tsch157
Znuny newbie
Posts: 16
Joined: 20 Mar 2017, 11:45
Znuny Version: OTRS 5

Re: OTRS 5 Login not working regulary

Post by tsch157 »

Hello!

I could find something of interest in the logs. LDAP connection seems to be impossible from time to time. There are several entries like this in the corresponding logs.

/var/log/syslog

Code: Select all

[b]Mar 21 17:38:24[/b] support OTRS-CGI-10[20944]: [Error][Kernel::System::CustomerUser::LDAP::_Connect][Line:198]: First bind failed! 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 775, v2580
/var/log/apache2/error.log

Code: Select all

ERROR: OTRS-CGI-10 Perl: 5.14.2 OS: linux Time: Tue [b]Mar 21 17:38:24[/b] 2017

 Message: First bind failed! 80090308: LdapErr: DSID-0C0903D9, comment: AcceptSecurityContext error, data 775, v2580

 RemoteAddress: 10.0.128.16
 RequestURI: /otrs/index.pl?Action=AgentTicketZoom;TicketID=20994

 Traceback (20944):
   Module: Kernel::System::CustomerUser::LDAP::_Connect Line: 198
   Module: Kernel::System::CustomerUser::LDAP::CustomerUserDataGet Line: 804
   Module: Kernel::System::CustomerUser::CustomerUserDataGet Line: 320
   Module: Kernel::Modules::AgentTicketZoom::MaskAgentZoom Line: 1817
   Module: Kernel::Modules::AgentTicketZoom::Run Line: 643
   Module: Kernel::System::Web::InterfaceAgent::Run Line: 1054
   Module: ModPerl::ROOT::ModPerl::Registry::usr_share_otrs_bin_cgi_2dbin_index_2epl::handler Line: 40
   Module: (eval) (v1.99) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.99) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.99) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31
Best regards and many thanks fo far.
wurzel
Znuny guru
Posts: 3224
Joined: 08 Jul 2010, 22:25
Znuny Version: x.x.x
Real Name: Florian

Re: OTRS 5 Login not working regulary

Post by wurzel »

Hi
First bind failed
is mostly wrong credentials.

Florian
OTRS 8 SILVER (Prod)
OTRS 8 auf Debian 11 (Test)
Znuny 7.x latest version testing auf Debian 11

-- Ich beantworte keine Forums-Fragen PN - No PN please

I won't answer to unfriendly users any more. A greeting and regards are just polite.
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: OTRS 5 Login not working regulary

Post by root »

775 tell you the account is locked.
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
tsch157
Znuny newbie
Posts: 16
Joined: 20 Mar 2017, 11:45
Znuny Version: OTRS 5

Re: OTRS 5 Login not working regulary

Post by tsch157 »

wurzel wrote:Hi
First bind failed
is mostly wrong credentials.

Florian
I can 100% assure that the credentials are correct. The issue occurs for all users at the same time. Either nobody or everybody can log in.
root wrote:775 tell you the account is locked.
Locked in our AD? I guess this would have consequences for many more services we use. Nearly every authentification works trough our AD, so a locked account would result in many services not working for the user. Also it would mean that atleast all users using OTRS are randomly locked and unlocked at the same time.

Best regards!
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: OTRS 5 Login not working regulary

Post by root »

tsch157 wrote: Locked in our AD? I guess this would have consequences for many more services we use. Nearly every authentification works trough our AD, so a locked account would result in many services not working for the user. Also it would mean that atleast all users using OTRS are randomly locked and unlocked at the same time.
Yes locked. I trust my sources which never failed:

http://www-01.ibm.com/support/docview.w ... wg21290631
http://wiki.servicenow.com/index.php?ti ... #gsc.tab=0
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: OTRS 5 Login not working regulary

Post by root »

root wrote:
tsch157 wrote: Locked in our AD? I guess this would have consequences for many more services we use. Nearly every authentification works trough our AD, so a locked account would result in many services not working for the user. Also it would mean that atleast all users using OTRS are randomly locked and unlocked at the same time.
Yes locked - the bind user. I trust my sources which never failed:

http://www-01.ibm.com/support/docview.w ... wg21290631
http://wiki.servicenow.com/index.php?ti ... #gsc.tab=0
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
tsch157
Znuny newbie
Posts: 16
Joined: 20 Mar 2017, 11:45
Znuny Version: OTRS 5

Re: OTRS 5 Login not working regulary

Post by tsch157 »

Ok, so we need to find the reason why the users are obviously locked and unlocked randomly at the same time. Thanks so far for your help. So the error is not within OTRS or the Linux VM.

Best regards!
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: OTRS 5 Login not working regulary

Post by root »

tsch157 wrote:Ok, so we need to find the reason why the users are obviously locked and unlocked randomly at the same time. Thanks so far for your help. So the error is not within OTRS or the Linux VM.

Best regards!
I did not said the users were locked. Your posted error tells that the bind user of OTRS is locked.
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
tsch157
Znuny newbie
Posts: 16
Joined: 20 Mar 2017, 11:45
Znuny Version: OTRS 5

Re: OTRS 5 Login not working regulary

Post by tsch157 »

root wrote:
tsch157 wrote:Ok, so we need to find the reason why the users are obviously locked and unlocked randomly at the same time. Thanks so far for your help. So the error is not within OTRS or the Linux VM.

Best regards!
I did not said the users were locked. Your posted error tells that the bind user of OTRS is locked.
And you were right! Thanks alot.
Post Reply