CA Service Management

Hi,

One of our user is not able to login CA service desk. After entering the login and password after some time it is showing CGI timeout error.

LDAP is enabled in the service desk.

He was able to access service desk earlier. Recently he has changed the NT (AD) password. After that he is facing this problem. 

Can anybody help us to fix this issue. Thanks.

Maheswari.K

Hi Maheswari,

i. Are other users using the same role able to login OK?

ii. What is the Authentication Method set for the Role\Access Type in question?

iii. Is SSO (Single Sign-On) enabled?

===

Kind Regards,

Brian

Hi Brain,

It is working for all the other users having the same role.

Access type Analyst and playing analyst role. Tried in Employee access type also.

CA service desk is LDAP integrated so that when user access the service desk url they have to feed the nt(AD) user name and  password for authentication.

Hi Maheswari,

What other errors are noted in the stdlog at the time of that specific user trying to login?

Do they get the error with other browsers?

Also check if there are duplicate records for this user in the contact table.

You could also inactivate the affected contact and then create a new active record and see if this helps.

===

Kind Regards,

Brian

There is no log for this user in the log file.

yes tried with IE, Chrome and Firefox. Its not working.

We inactivated the existing id and created new contact record also. But still its not working.

There is no duplicate active contact record.

Hi Maheswari,

Few things here - First, the LDAP options in Service Desk are NOT related to authentication at all.  Those options are solely for the purpose of importing and updating contact records, but they do NOT control authentication.   Service Desk really only has 2 authentication methods, OS Authentication, which will go to the local OS of the server, and if the user does not exist there, it will go to the domain for which that server belongs to - if the users belong to that same domain then it will be able to authenticate them.  The other option is to use EEM for authentication and point EEM to the LDAP directory you are using.  So first we need to understand how you are authenticating your users.  On the access type, can you tell us what the authentication method is set to?  Is it set to use EEM?  or is it set to OS Authentication?   Second, can you tell us if you are using IIS on the SDM servers, and if so, do you have "Windows Authentication" enabled in IIS?   

Now, IF you are using EEM for authentication, have that same user attempt to log into the EEM UI using their LDAP credentials.  If they are not able to log in there, then it may be an issue with EEM caching the users old password. (You can also have that user attempt to log into SDM using their old password to see if that works as well).   If you are using IIS with Windows Auth (and SDM is using OS Auth), then someone would need to troubleshoot this further as its possible there is something up with that user account.

Hope this helps - let us know the answers to my questions and we can further assist you here.

Thanks,

Jon I.

Hello,

There is a good chance that we would need you to turn up logging to review the problem at hand.  I would suggest at that point to create a case to investigate further as log review/debug is not a suitable task to perform within Communities.  

If you do create a ticket, please including logging on the BOP-LOGIN processes, ie:

pdm_logstat -f bplaccess.c TRACE
pdm_logstat -n boplgin TRACE
pdm_logstat -n bopauth_nxd TRACE
bop_logging BOP-LOGIN -f C:\bopLog.out -m 20000000 -n 10 ON

The above logging will help us determine on the given end user's activity during a login attempt.  Turn on the above logging and have the affected user and a working user both try and sign in.

Ideally, we would need documented:

- The name of the user (login id) who is experiencing problems logging including (and timeframe of the attempt)
- The name of a comparable user (login id) of someone who isn't having problems (and timeframe of the attempt)
- Confirmation that the problem is following the given user. Have the user try on his/her own browser and on someone else's system. Similarly, have a working user try the affected user's browser.

Additionally, please update this community post with the ticket number generated.