Environment
Novell ZENworks Configuration Management 11.2.4
Situation
AD user login is not working.
Error seen in the ZMD-MESSAGES.LOG: " [CommonCasa] [] [ObtainAuthToken took exception: -939589631 System.Exception: -939589631 "
Resolution
The ZCM agent is having to use the systems proxy setting which is configured via AD GPO. Added the ZCM servers into the proxy server exclusion list. After a reboot AD User Source login is successful.
Additional Information
Full error seen in the ZMD-MESSAGES.LOG:
"[DEBUG] [08/05/2014 12:38:15.545] [1216] [ZenworksWindowsService] [39] [] [CommonCasa] [] [ObtainAuthToken took exception: -939589631 System.Exception: -939589631
bei Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid, String()& extraData, IntPtr micasaContext, String& AuthMech)
bei Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken, String()& ExtraAttribs, IntPtr MicasaContext, String& AuthMech)] [] []
[DEBUG] [08/05/2014 12:38:15.545] [1216] [ZenworksWindowsService] [39] [] [CommonCasa] [] [Stack Trace: bei Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid, String()& extraData, IntPtr micasaContext, String& AuthMech)
bei Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken, String()& ExtraAttribs, IntPtr MicasaContext, String& AuthMech)] [] []"
bei Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid, String()& extraData, IntPtr micasaContext, String& AuthMech)
bei Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken, String()& ExtraAttribs, IntPtr MicasaContext, String& AuthMech)] [] []
[DEBUG] [08/05/2014 12:38:15.545] [1216] [ZenworksWindowsService] [39] [] [CommonCasa] [] [Stack Trace: bei Novell.Casa.Client.Auth.Authtoken.ObtainAuthToken(String sService, String sHost, WinLuid luid, String()& extraData, IntPtr micasaContext, String& AuthMech)
bei Novell.Zenworks.Zmd.Common.CasaHelper.ObtainAuthToken(String SessionID, String RealmName, String Host, String& AuthToken, String()& ExtraAttribs, IntPtr MicasaContext, String& AuthMech)] [] []"
Also seen in the ZMD-MESSAGES.LOG:
"Line 10709: [DEBUG] [06/16/2014 08:14:58.769] [1436] [ZenworksWindowsService] [36] [] [ZMD] [] [URI for bad on proxy AuthToken: https://xxx.xxx.xxx.xxx:444/zenworks-containmentlookup/] [] []
Line 10710: [DEBUG] [06/16/2014 08:14:58.769] [1436] [ZenworksWindowsService] [36] [] [ZMD] [] [URI for bad AuthToken: https://xxx.xxx.xxx.xxx:444/zenworks-containmentlookup/] [] [] "
Line 10710: [DEBUG] [06/16/2014 08:14:58.769] [1436] [ZenworksWindowsService] [36] [] [ZMD] [] [URI for bad AuthToken: https://xxx.xxx.xxx.xxx:444/zenworks-containmentlookup/] [] [] "
The IP address in the above two entries is the system proxy delivered via the Windows (AD) GPO.
The systems proxy is the one configured via "netsh winhttp set proxy" in the command line (possible via GUI since Windows 8.1, and has to be configured otherwise Windows 8 is not able to receive Windows Updates).
ZCM has no proxy configured in ZCC.
Checked TID 7009845 'Errors logging in'. Not the issue. CasaAuthTokenSvc.war file is extracted completely on all primary server. The CASA servlet / port 2645 test (KB 3418069) does not fail for any primary server.