Call Savance Workplace Call Us: (248) 478-2555

Support Suite

User Login



 

Main

Knowledgebase: Active Directory Sync
Active Directory login not working after a server upgrade
Posted by Travis Fleenor on 10 May 2018 12:04 PM

Make Sure "Validate Credentials with Active Directory" is checked

"validate credentials with active directory" is always unchecked after an upgrade. That allows users to sign in with their username as their password.
Recheck box after update to restore using AD Password

To do so, Open EIOBoard Server Admin and go to Management-->Settings-->AD Sync->Options

 

 

Make Sure the Web.config matches the Server Settings

Sometimes information will carry over in the UI with the upgrade, but not in the web.config. To save the information to the web.config file again:

  1. Open EIOBoard Server Admin and go to Management-->Settings-->AD Sync->Connection Settings
  2. Edit any of the information(Username, AD Server, etc) and save
  3. Change it back to the correct information and save

Now the correct information should be saved to the Web.config file. You can also check manually it yourself through the IIS:

  1. Open IIS
  2. Navigate to the EIOBoard website entry.
  3. Head to the site's folder by clicking explore in the Actions panel on the right
  4. Open the 'web.config' file


Credentials must be null when Authentication is Anonymous

In version 9.1.36 and later of EIOBoard Server a setting was added to the Active Directory Settings for Auth Type. This was done to support several different authorization types possible in Active Directory.

If you encounter an error "Credentials must be null when Authentication is Anonymous" or something to that effect when logging into the eb web application with Active Directory credentials it is most often due to an improper Auth Type setting in the EIOBoard Server admin.

Open EIOBoard Server Admin and go to Management-->Settings-->AD Sync->Connection Settings. Find the drop down setting for Auth Type. the default setting is negotiate. However, if you are experiencing this error, in most cases you need to set it to Kerberos and hit save. Then try logging in again. If this doesn't work try a few of the other settings. If you know the type of Authentication setting being used by your AD Server set this setting to match it.

In some cases you may have to add the Auth Type and ActiveDirectoyPort keys manually to the web.config file(you can find where yours is via IIS-> Go to the EIOBoard site-> Explore). In which case you can add the following lines to the appSettings section of the file:
<add key=”ActiveDirectoryPort” value=”[INSERT_PORT_NUMBER_HERE]” />

<add key=”ADAuthType” value=”[INSERT_AUTH_TYPE_NUMBER_HERE]” />

With the appropriate number for the corresponding Auth Type:

Anonymous = 0,
Basic = 1,
Negotiate = 2,
Ntlm = 3,
Digest = 4,
Sicily = 5,
Dpa = 6,
Msn = 7,
External = 8,
Kerberos = 9

 

Upgrading past version 10.3.47

With version 10.3.47, the method for paging was changed to a more efficient and secure version, so a few settings may have to be adjusted. You can see the full details of those changes here:

https://support.savance.com/Knowledgebase/Article/View/755/0/active-directory-changes-after-version-10347

The numbers for the new Auth Types are as follows:

Anonymous = 16    
Delegation = 256    
Encryption = 2    
FastBind = 32    
None = 0
ReadonlyServer = 4    
Sealing = 128    
Secure = 1
SecureSocketsLayer = 2
ServerBind = 512
Signing = 64

 

If this information does not lead to a resolution of the problem contact tech support by emailing support@eioboard.com