"User authentication failed during a refresh"

  • 7012747
  • 01-Jul-2013
  • 24-Aug-2020

Environment

ZENworks Configuration Management 2017
ZENworks Configuration Management 11

Situation

ERROR:

"User authentication failed during a refresh.
User applications will not be available.
This may occur if the user's password is changed or
if the user is deleted from the user source".


ERROR (zmd-messages.log on workstation):

[DEBUG] [07/01/2013 09:23:40.671] [356] [ZenworksWindowsService] [52] [Administrator] [RegistrationManager] [] [registerUser returned -34] [] []

ERROR (services-messages.log on primary):

[Registration Web Service] [43] [] [User authentication failed.] [] []
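
To see which users hit this failure and when, the workstation log can be scanned for the registerUser return code shown above. The following is an added example, not part of the original article or a ZENworks tool; the field names and the MM/DD/YYYY date reading are assumptions inferred from the single sample line quoted above, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Field names are assumptions inferred from the sample line in this article.
FIELDS = "level timestamp pid process thread user component f8 message f10 f11".split()
BRACKETED = re.compile(r"\[([^\]]*)\]")
REGISTER_RC = re.compile(r"registerUser returned (-?\d+)")


def parse_line(line):
    """Split one bracket-delimited log line into a dict, or None if malformed."""
    values = BRACKETED.findall(line)
    if len(values) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, values))
    try:
        # Assumed MM/DD/YYYY, matching the article's 01-Jul-2013 creation date.
        rec["timestamp"] = datetime.strptime(rec["timestamp"], "%m/%d/%Y %H:%M:%S.%f")
    except ValueError:
        return None
    return rec


def failed_registrations(lines, code=-34):
    """Return {user: [timestamps]} for 'registerUser returned <code>' events."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["component"] != "RegistrationManager":
            continue
        m = REGISTER_RC.search(rec["message"])
        if m and int(m.group(1)) == code:
            hits[rec["user"]].append(rec["timestamp"])
    return dict(hits)


# Constructed sample: first line is quoted from this article, the rest are made up.
SAMPLE = """\
[DEBUG] [07/01/2013 09:23:40.671] [356] [ZenworksWindowsService] [52] [Administrator] [RegistrationManager] [] [registerUser returned -34] [] []
[DEBUG] [07/01/2013 09:24:02.115] [356] [ZenworksWindowsService] [52] [jdoe] [RegistrationManager] [] [registerUser returned 0] [] []
[DEBUG] [07/01/2013 09:31:17.902] [356] [ZenworksWindowsService] [57] [Administrator] [RegistrationManager] [] [registerUser returned -34] [] []
not a log line
"""

if __name__ == "__main__":
    for user, stamps in failed_registrations(SAMPLE.splitlines()).items():
        print(f"{user}: {len(stamps)} failure(s), first {stamps[0]}, last {stamps[-1]}")
```

The timestamps it reports are workstation-local, so compare them against the primary's services-messages.log entries with any clock difference between the two hosts in mind.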



Resolution

This error happens when the user logs in (CASA) to an authentication server and presents the token to a different configuration primary that is not in time sync with the authentication server. The authentication succeeds, but the configuration server rejects the CASA token.

  1. Confirm that all authentication primaries and satellites can authenticate users. Micro Focus customer care can provide the casatester tool for this.
    Either make a test configuration for the closest server, one server at a time, or use casatester to test each server explicitly (request casaTester.exe from ZENworks Technical Support). If any server fails to authenticate, troubleshoot the CasaAuthToken service on the primary by inspecting ats.log and ats.trace in the zenworks_home\logs directory.
  2. Confirm that all authentication servers are in time sync with all configuration primary servers and devices.
    A configuration primary will reject a token that has expired due to a time difference between the authentication server and the configuration server.
  3. Restart ZENworks services on all configuration primary servers.
  4. Confirm server roles in the database (zzenserverroles table).
  5. It may be necessary to reconfigure the authentication satellite with zac asr -t all
  6. On all primaries, confirm that this file is intact and send it to Customer care for analysis: /etc/opt/novell/zenworks/security/trusted-ats-jks-store. This keystore file needs to include all the certificates for all satellites.
  7. On all primaries, confirm that /etc/CASA/authtoken/svc/enabled_services and the folders below it are intact and proper.
  8. On all primaries, confirm that /opt/novell/zenworks/share/tomcat/webapps/CasaAuthTokenSvc and the folders below it are intact and proper.
  9. Confirm sufficient disk space on the primary. In loader-messages.log, confirm that the Loader.CasaAuthRealmConfigurator process is running without errors.

Additional Information

FYI - Changes made to the User Source in ZCC will rebuild the /etc/CASA/authtoken/svc/iaRealms.xml file.
