After the upgrade to 12.0.5.0 we have one domain user that cannot log in; other domain users sign in without issue. We deleted her and re-added her to try that, but that did not resolve the issue. The error that the server is sending when she attempts to log in is below. We did notice that previously we had all of our domain logins in the format "DOMAIN\username", and when we re-added her it put it as "user@domain". We tried logging in with either format, but received the same error.
Error:
NoMatchingPrincipalException - An error occurred while enumerating the groups. The group could not be found.
   at System.DirectoryServices.AccountManagement.AuthZSet.get_CurrentAsPrincipal()
   at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.get_Current()
   at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.System.Collections.IEnumerator.get_Current()
   at System.Linq.Enumerable.d__94`1.MoveNext()
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at Devolutions.RemoteDesktopManager.Business.DirectoryServicesGetUserDetailsResult.AssignFromPrincipalSearchResult(Principal principal, PrincipalSearchResult`1 directoryGroups) in c:\Dev\devolutions\RemoteDesktopManager\Business\Results\DirectoryServicesGetUserDetailsResult.cs:line 63
   at Devolutions.RemoteDesktopManager.Managers.DirectoryServicesManager.GetUserDetails(String fullName, DirectoryServicesQueryParameter directoryServicesQueryParameter, Boolean isMultiDomain, Boolean isNested, RoleInfoEntity[] roleNames) in c:\Dev\devolutions\RemoteDesktopManager\Business\Managers\DirectoryServicesManager.cs:line 379
   at Devolutions.Server.Providers.RDMSMembershipProvider.CheckPasswordActiveDirectoryMultiDomain(String username, String password, MembershipLoginData membershipLoginData) in c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:line 862
   at Devolutions.Server.Providers.RDMSMembershipProvider.DoValidateUserMultiDomain(String username, String password, MembershipLoginData membershipLoginData, UserData userData, Boolean addLoginData) in c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:line 1472
   at Devolutions.Server.Providers.RDMSMembershipProvider.DoValidateUser(String username, String password, MembershipLoginData loginData) in c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:line 1019
   at Devolutions.Server.Providers.RDMSMembershipProvider.AuthenticateUser(MembershipLoginData loginData, String userName, String password) in c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:line 761
   at Devolutions.Server.Providers.RDMSMembershipProvider.DoValidateUserFull(String userName, String password, MembershipLoginData loginData) in c:\Dev\devolutions\Websites\Server\Providers\RDMSMembershipProvider.cs:line 1197
   at Devolutions.Server.Controllers.APIControllers.v2.RDMSApiController.DoLogin(HttpRequestMessage request, String userName, String password, ClientApplicationInfo clientApplicationInfo, String twoFactorID, TwoFactorInfo twoFactorInfo, String publicIPAddress, Byte[] sessionKey, String repositoryId, Boolean partialMode) in c:\Dev\devolutions\Websites\Server\Website\Controllers\APIControllers\RDMSApiController.Login.cs:line 890
   at Devolutions.Server.Controllers.APIControllers.v2.RDMSApiController.Login2(HttpRequestMessage request, JObject requestData, Boolean partialMode) in c:\Dev\devolutions\Websites\Server\Website\Controllers\APIControllers\RDMSApiController.Login.cs:line 313
   at lambda_method(Closure , Object , Object[] )
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ActionExecutor.<>c__DisplayClass10.b__9(Object instance, Object[] methodParameters)
   at System.Web.Http.Controllers.ReflectedHttpActionDescriptor.ExecuteAsync(HttpControllerContext controllerContext, IDictionary`2 arguments, CancellationToken cancellationToken)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ApiControllerActionInvoker.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Web.Http.Filters.ActionFilterAttribute.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Filters.ActionFilterAttribute.d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ActionFilterResult.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Web.Http.Controllers.ExceptionFilterResult.d__0.MoveNext()
--- Default
Source:
System.DirectoryServices.AccountManagement
Hello,
I sure would like to know what's different about that user; we have that bug that we are unable to reproduce locally.
Does she have fewer permissions in the AD structure?
Maurice
Not really, we do have her in a different AD group that is assigned a different role in RDM, but we have several of those and she is the only one we have had an issue with.
The only other difference is that she got married along the way. The original login for her, and her account still, is CARROLS\deyo. Everything else on her account however, such as e-mail display name etc., is Decarlo.
Hello,
In your AD structure, are you using what is called Nested groups? (groups within other groups)
Some of our customers are experiencing issues with those; we have found that the majority did not even use them but had turned the option on.
In the Server Console - Authentication section, could you unselect the "use nested AD group" option?
Maurice
We don't use the nested groups, but we went ahead and removed it as suggested and that DID fix it; she can now log in. Very weird, but can live with the fix :)
Hello,
I'm happy that you can now function normally.
This error is quite troublesome and I'm starting to regret using the DirectoryServices classes of .NET; they have some weird algorithms and are not user friendly.
Maurice