Forum / Devolutions Password Server - Support

Auto create domain users in database

  • Create an Issue
  • Cancel

I must be missing something because I cant get the auto creation of user to work.

Manually importing the users work fine, and using AD groups for Roles work fine.

But auto creating the users at logon is not working for me.


SQL Server 2008 running on "Server1" - AD joined
DVLS 4.0.7.0 running on "Server2" - not AD joined (but have tried also after joining to AD)
RDM 12.0.17.0


I see this in DVLS logs when trying to log in:

SqlException - Cannot insert the value NULL into column 'Name', table 'UC-RDM-TEST.dbo.UserProfile'; column does not allow nulls. INSERT fails.
The statement has been terminated.

at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Devolutions.Server.DatabaseManager.ExecuteNonQuery(String sql, IDbTransaction dbTransaction, IDbDataParameter[] parameters, CommandType commandType) in c:\Dev\devolutions\Websites\Server\Common\Managers\DatabaseManager.cs:line 255
at Devolutions.Server.UserManager.InsertUserProfile(UserEntity user, IDbTransaction dbTransaction) in c:\Dev\devolutions\Websites\Server\Common\Managers\UserManager.cs:line 1804
at Devolutions.Server.UserManager.AddUser(UserEntity user, IDbTransaction dbTransaction) in c:\Dev\devolutions\Websites\Server\Common\Managers\UserManager.cs:line 1487

Clock3 yrs

Hello,

Which username format are you using to log on to DVLS? Is it UPN, NetBios or only the username?

Are you using an alternate UPN suffix in your domain?

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs

Hi Erica

I have tried to log in with all three, UPN , Netbios and username but all give same error.

Yes , I have an alternate UPN suffix in the domain.

This is just in the test and evaluation stage now and my environment has been with me for a while. Im setting up an all new environment right now to se if something is messed up in my old test system

Clock3 yrs

Hello,

Unfortunately, Devolutions Server do not support Alternate UPN suffixes at the moment. Our engineers are working diligently to add this feature in DVLS as quickly as possible.

As soon as we release a new version that includes this feature, I will let you know.

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs

Ok that is good to hear.

But I have the same problem in my newly setup system now, and there i dont have Alternate UPN suffixes. Still the same error as before in the DVLS logs.

I must be missing some important thing i quess.

Trying to log in with a user that is not in the specified group used for Auto creating of the users give me the error "User is not a member of the allowed group for automatic account creation"


But when trying to log in with a user that is member of that group i get "Invalid username or password, please verify your credentials!"


And in the DVLS logs the following:


SqlException - Cannot insert the value NULL into column 'Name', table 'RDM-TEST.dbo.UserProfile'; column does not allow nulls. INSERT fails.
The statement has been terminated.

at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Devolutions.Server.DatabaseManager.ExecuteNonQuery(String sql, IDbTransaction dbTransaction, IDbDataParameter[] parameters, CommandType commandType) in c:\Dev\devolutions\Websites\Server\Common\Managers\DatabaseManager.cs:line 255
at Devolutions.Server.UserManager.InsertUserProfile(UserEntity user, IDbTransaction dbTransaction) in c:\Dev\devolutions\Websites\Server\Common\Managers\UserManager.cs:line 1804
at Devolutions.Server.UserManager.AddUser(UserEntity user, IDbTransaction dbTransaction) in c:\Dev\devolutions\Websites\Server\Common\Managers\UserManager.cs:line 1487

I noticed now though that changing the checkbox from "username" to "UPN" at the Auto creation settings makes the login and creation to work. I have to login with UPN though, and we would like to login with only "username"

Clock3 yrs

Hello,

When the account is created, are you able to login with only the username?

You should be able to use either the UPN, NetBios or only the username to log on to DVLS when an account already exists in DVLS.

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs

Hello Erica

Yes, after the user is created I can login with all three ways.

Seems that the checkbox was my partner in crime smile Strange though, shouldn´t it work with "username" checked at Auto creation setting ?

Clock3 yrs

Hello,

Yes indeed this should work with Username checked at Automatic User Creation section of the Server Settings.

I have been able to reproduce your issue.

A ticket has been submitted to our engineering department.

This solution works when you check UPN in the Automatic User Creation section. You will be able to log on to DVLS with only the username even if the account doesn't exist.

image

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs

Any sight on an update that fixes the autocreate issue?

Clock3 yrs

Hello,

The Automatic user creation works but not in the context of multiple UPN suffixes.

The usage of multiple UPN suffixes is not implemented yet.

Regrettably, the Support Department cannot provide an exact release date as the full process (Build – Quality Assurance – Release) is out of our control.

The Engineering Department is working diligently and they will publish the build as soon as they deem it acceptable for public release.

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs

Has there been any progress on this with the latest releases?

Clock3 yrs

Hello,

Unfortunately, the latest release doesn't support the usage of multiple UPN suffixes.

You can consult the Change History web page to have a detailed list of the improvements for each release.

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs

I have noticed some problem again with the Automatic create user

If the UPN and sAMAccountName is different login with UPN doesn´t work so NO user created. Entering the sAMAccountName makes user being created but i can´t login with it after that.

For example:

Not working:

UPN: donald.duck@test.local
sAMAccountName: dduck


Working:

UPN: mickey.mouse@test.local
sAMAccountName: mickey.mouse


Changing the username format for Auto created user to "Username" makes no login at all work

Changing the username format for Auto created user to "Netbios" makes login work the first time with sAMAccountNAme but the user created in database gets the login name "DOMAINNAME\" and no username after that, making no more user getting created after that.

Clock3 yrs

Hello,

Thanks for sharing your test results with our community.

These errors about the Automatic User Creation are all related to the usage of alternate UPN suffixes.
This environment is not supported with DVLS version 4.5.0.0.

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs

Is there any timeline for when this will be supported?

Clock3 yrs

Hello,

The QA team are actually testing an internal build that supports the usage of alternate UPN suffixes.

We will keep you informed about the development as soon as we have new information about it.

Incidentally, we cannot provide a timeline for its delivery but this should be very soon.

Best regards,



Érica Poirier

signaturesignature

Clock3 yrs