Re: IMC v7.3 authentication server fail (LDAP)

If you are using AD as your LDAP server then you need to set Microsoft Active Directory as server type and sAMAccountName as Username attribute.

While youre correct, you are also incorrect.

I have that setup properly but, I too get the same error, Authentication server is not available. I also get bits in the log about a Java certificate that is missing ont he DC. That seems odd to me.

2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.servlet.filters.UrlAccessController::doFilter] Access URL With No OperatorInfo: /imc/login.jsf?null from 10.5.2.18
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [INFO ] [Thread-64] [com.imc.ntam.config.ntatask.func.NoneConfigInfoReceiver::run] this.msgQueue.poll() : 0
2017-08-04 11:55:18 [INFO ] [Thread-64] [com.imc.ntam.config.ntatask.func.NoneConfigInfoReceiver::run] NoneConfigInfoReceiver run 0
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [WARN ] [http-nio-8080-exec-4] [com.imc.ext.beans.CommonExtensionManagedBean::filterExtensionConfigsForAppVersion] current version is not app version.current perspectiveId is empty.
2017-08-04 11:55:18 [ERROR] [http-nio-8080-exec-4] [com.imc.plat.operator.func.LdapUtils::authenticate] Failed to connect to LDAP Server
javax.naming.CommunicationException: simple bind failed: 10.0.128.33:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
at javax.naming.InitialContext.init(InitialContext.java:242)
at javax.naming.InitialContext.<init>(InitialContext.java:216)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
at com.imc.plat.operator.func.LdapUtils.authenticate(LdapUtils.java:192)
at com.imc.plat.operator.func.OperatorAuthMgrLdapImpl.authenticate(OperatorAuthMgrLdapImpl.java:55)
at com.imc.plat.operator.func.OperatorMgrImpl.localAuthentic(OperatorMgrImpl.java:2578)
at com.imc.plat.operator.func.OperatorMgrImpl.login(OperatorMgrImpl.java:2072)
at sun.reflect.GeneratedMethodAccessor3946.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy52.login(Unknown Source)
at com.imc.plat.operator.view.OperatorBean.onLogin(OperatorBean.java:1632)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.el.parser.AstValue.invoke(AstValue.java:279)
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:273)
at org.apache.myfaces.view.facelets.el.ContextAwareTagMethodExpression.invoke(ContextAwareTagMethodExpression.java:96)
at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:68)
at javax.faces.component.UICommand.broadcast(UICommand.java:120)
at javax.faces.component.UIViewRoot._broadcastAll(UIViewRoot.java:1041)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:289)
at javax.faces.component.UIViewRoot._process(UIViewRoot.java:1415)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:765)
at org.apache.myfaces.lifecycle.InvokeApplicationExecutor.execute(InvokeApplicationExecutor.java:38)
at org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:170)
at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:117)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:197)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:79)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.servlet.filters.FileUploadEncodingFilter.doFilter(FileUploadEncodingFilter.java:29)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:436)
at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:177)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.filter.ImcBrowserCacheInvalidFilter.doFilter(ImcBrowserCacheInvalidFilter.java:66)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.filter.ImcNoEtagFilter.doFilter(ImcNoEtagFilter.java:47)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.filter.ImcExpiresFilter.doFilter(ImcExpiresFilter.java:830)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.imc.servlet.filters.UrlAccessController.doFilter(UrlAccessController.java:480)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1760)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1719)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:431)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:404)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:358)
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:213)
... 87 more
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:384)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:134)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.validator.Validator.validate(Validator.java:236)
at com.imc.plat.operator.LdapX509TrustManager.validate(LdapX509TrustManager.java:101)
at com.imc.plat.operator.LdapX509TrustManager.checkServerTrusted(LdapX509TrustManager.java:82)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:885)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
... 100 more
2017-08-04 11:55:18 [INFO ] [http-nio-8080-exec-4] [com.imc.plat.operlog.func.OperationLogMgrImpl::insertLog] moduleId: 3, description: Operator logged in.
2017-08-04 11:55:18 [INFO ] [http-nio-8080-exec-4] [com.imc.plat.operlog.func.OperationLogMgrImpl::insertLog] [OperationLog] Operator:langlej,IP Address:10.5.2.18,Module Name:Platform,Operation:Operator logged in.,Result:FAILURE
2017-08-04 11:55:18 [INFO ] [http-nio-8080-exec-4] [com.imc.res.device.dao.ResUsedLicenseCount::getUsedCount] resp.vcfPECount is : 0

I'll try and correct.

The OP did not have require SSL checked. And if SSL is NOT checked, then it will work as I orginally described.

It looks like you have checked SSL, based on the logs, correct?

Assuming that is the case, if you check SSL you must:

• Change the port to 636 - this is the cause of server not available message
• Export the Root Certificate for your AD domain from the domain controller (not the DC's cert) and upload to IMC

If the wrong cert is uploaded the message will change to wrong authentication file or something like that.

Hopefully that helps - I have verified both SSL and non SSL configuration on my system, so if you are still having issues, there is some other problem.

That has been the setup since the change to AD was made and yet, I still get the error  of "Authentication server is not available. Please contact the administrator." 

Same issue on port 389 (no ssl) as 636?  For me that message indicated no traffic on port when I tested it.

Check windows firewall on both IMC and AD. Turn it off to verify or use wireshark

Hi. I have this same error. I use SSL connection with dc cert and port 636.
I solved this problem after analyses auth logs. It is JAVA problems. Change field "Admin DN" to formats user.name@dc.com(implat@imc.com). It is helped me.

Thanks! That did the trick here too! :)