ZCM User authentication fails after user object got moved in Active Directory domain

  • 7008909
  • 07-Jun-2012
  • 07-Jul-2016

Environment

Novell ZENworks Configuration Management 11.2 Authentication

Situation

Active Directory is configured as the user source.
The managed device has been installed or updated with ZCM agent 11.2.
Some users do not get authenticated to ZCM.
The affected user accounts have been moved to a different folder in the user source.
The CASA client logs error code -939589594, which means invalid user credentials.


Resolution

This is fixed in version 11.2.2. See KB 7010757, "ZENworks Configuration Management 11.2.2 - update information and list of fixes", which can be found at https://support.microfocus.com/kb/doc.php?id=7010757
Note: the fix above does not work if SAMAccountName is different from CN.

Workaround:

Remove the cached full distinguished name for the affected user account from the Windows registry:
Key: HKEY_LOCAL_MACHINE\Software\Novell\ZCM\ZENLgn\History\Cache\<Domain Name>
String: <User Name>=<Full Distinguished Name of user object>
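
One way to script the workaround on an affected managed device, as an added example that is not vendor code. The function name Remove-ZcmCachedDn and its parameters are hypothetical, the sample domain and user are constructed, and it assumes an elevated PowerShell session.

```powershell
# Added example (not vendor code). Function and parameter names are hypothetical.
function Remove-ZcmCachedDn {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
    param(
        [Parameter(Mandatory = $true)][string]$DomainName,
        [Parameter(Mandatory = $true)][string]$UserName
    )

    # Cache location as given in the workaround above.
    $key = Join-Path 'HKLM:\Software\Novell\ZCM\ZENLgn\History\Cache' $DomainName

    if (-not (Test-Path -LiteralPath $key)) {
        Write-Warning "No ZCM login cache key for domain '$DomainName'."
        return
    }

    # Read the cached distinguished name so it can be recorded before removal.
    $item = Get-ItemProperty -LiteralPath $key -Name $UserName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        Write-Warning "No cached entry for '$UserName' under '$DomainName'."
        return
    }
    $cachedDn = $item.$UserName

    # Honors -WhatIf / -Confirm so the change can be previewed first.
    if ($PSCmdlet.ShouldProcess("$key\$UserName", "Remove cached DN '$cachedDn'")) {
        Remove-ItemProperty -LiteralPath $key -Name $UserName -ErrorAction Stop
        # Return what was removed so it can be logged or compared with the new DN.
        [pscustomobject]@{ Domain = $DomainName; User = $UserName; RemovedDn = $cachedDn }
    }
}

# Preview, then apply (constructed sample values):
# Remove-ZcmCachedDn -DomainName 'EXAMPLE' -UserName 'jdoe' -WhatIf
# Remove-ZcmCachedDn -DomainName 'EXAMPLE' -UserName 'jdoe'
```

The returned RemovedDn shows the stale location that was cached, which can be compared against the user object's current location in Active Directory.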

Cause

Since ZCM 11.2, the ZCM agent caches the full distinguished name of each logged-in user so that subsequent logins do not need to search the respective domain for the folder containing the user object. This accelerates ZCM login with an Active Directory-based user source. However, after a user object is moved to another folder, the cache is not cleared, which causes ZCM authentication to fail.