hi, I have various versionof UltraVNC running in a domain environment with MSLogon enabled on all workstations.
I have an AD group for IT users so they can authenticate to user workstations.
On some workstation an IT users get Authentication Failed when they attempt to VNC into users workstations.
Myself and another tech can, under the IT users domain login, VNC into a target workstation and authenticate with OUR AD credentials without issue.
So, the VNC viewer works and can connect to the target workstation.
I verified that the IT users being rejected are in fact in the MSLogon AD group, and the target workstation
has that group listed in the MSLogon ACL, with Domain checked.
Any ideas?
thanks
paolo
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
MSLogon can't authenticate some users on same AD group
- Rudi De Vos
- Admin & Developer
- Posts: 6867
- Joined: 2004-04-23 10:21
- Contact:
Re: MSLogon can't authenticate some users on same AD group
What do you get when you run testauth.exe on workstations with auth failed.
Re: MSLogon can't authenticate some users on same AD group
I got this:
C:\Programmi\uvnc bvba\UltraVNC>testauth.exe
Enter user name : gabriele
Enter password : ********
Enter group : EDPIP
loc=1 dom=3 local+domain=3 : 3
Trying authlogonuser.dll
This only works on XP>
test is runnning as application and not a service
------------------------
------------------------
authlogonuser.dll not foundbased on authlogonuser.dll user has NO access
Trying auth.dll
------------------------
------------------------
auth.dll not foundbased on auth.dll user has NO access
Trying authaddll
------------------------
------------------------
authad.dll not foundbased on authad.dll user has NO access
Trying ldapauth .dll
------------------------
------------------------
LDAP://rootDSE
LDAP://DC=ip,DC=loc
ADsPath: LDAP://CN=Gabriele,CN=Users,DC=ip,DC=loc
ADsPath: LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
Group found OK
Object
LDAP://CN=Gabriele,CN=Users,DC=ip,DC=loc
IS a member of the following Group:
LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
based on ldapauth.dll user has access Enter to quit
when I run testauth with my user (one that work), I got this:
C:\Programmi\uvnc bvba\UltraVNC>testauth.exe
Enter user name : paolo
Enter password : ********
Enter group : EDPIP
loc=1 dom=3 local+domain=3 : 3
Trying authlogonuser.dll
This only works on XP>
test is runnning as application and not a service
------------------------
------------------------
authlogonuser.dll not foundbased on authlogonuser.dll user has NO access
Trying auth.dll
------------------------
------------------------
auth.dll not foundbased on auth.dll user has NO access
Trying authaddll
------------------------
------------------------
authad.dll not foundbased on authad.dll user has NO access
Trying ldapauth .dll
------------------------
------------------------
LDAP://rootDSE
LDAP://DC=ip,DC=loc
ADsPath: LDAP://CN=Paolo,CN=Users,DC=ip,DC=loc
ADsPath: LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
Group found OK
////////////////////////////////////////////////////
Checking the Group:
LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
for the member:
LDAP://CN=Paolo,CN=Users,DC=ip,DC=loc
////////////////////////////////////////////////////
Comparing:
{AE5ED752-7DCD-41F8-869C-DACDBF318C69}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{A6C51F28-86F7-40A3-BB26-856EC93C5C7D}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{0D669D5A-72B5-48E7-B4F6-DEDFBD647732}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{5D88448C-8779-484E-942C-D9230BC76291}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{5F6AD8C2-1E1B-4FCF-9D15-8C9CDC3CBA1B}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{6A60E76F-9913-4D92-A87F-BCDBBC997252}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{CE1B812F-14C7-4FEF-AE7B-0DA44761F8C5}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{CFC7D496-A638-4264-8451-951C762BF2AD}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{BB5F3449-A2E7-4054-96B5-F73DAB0E9653}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{1DF6B3B4-496E-4300-9B91-BB9424A60C55}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{F96EDD7A-3AC5-434E-8451-0D52AB898B9E}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{E270E24D-1262-4468-A00C-D2C6A5843C6C}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{98B66050-A7B7-4661-9D93-68A83461B790}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{D763CCD9-0834-476A-9CF2-222CE426F691}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{234A462B-FC7B-4E3D-8845-F2779B20C45D}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
USER not found in group
based on ldapauth.dll user has NO access Enter to quit
thanks a lot
C:\Programmi\uvnc bvba\UltraVNC>testauth.exe
Enter user name : gabriele
Enter password : ********
Enter group : EDPIP
loc=1 dom=3 local+domain=3 : 3
Trying authlogonuser.dll
This only works on XP>
test is runnning as application and not a service
------------------------
------------------------
authlogonuser.dll not foundbased on authlogonuser.dll user has NO access
Trying auth.dll
------------------------
------------------------
auth.dll not foundbased on auth.dll user has NO access
Trying authaddll
------------------------
------------------------
authad.dll not foundbased on authad.dll user has NO access
Trying ldapauth .dll
------------------------
------------------------
LDAP://rootDSE
LDAP://DC=ip,DC=loc
ADsPath: LDAP://CN=Gabriele,CN=Users,DC=ip,DC=loc
ADsPath: LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
Group found OK
Object
LDAP://CN=Gabriele,CN=Users,DC=ip,DC=loc
IS a member of the following Group:
LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
based on ldapauth.dll user has access Enter to quit
when I run testauth with my user (one that work), I got this:
C:\Programmi\uvnc bvba\UltraVNC>testauth.exe
Enter user name : paolo
Enter password : ********
Enter group : EDPIP
loc=1 dom=3 local+domain=3 : 3
Trying authlogonuser.dll
This only works on XP>
test is runnning as application and not a service
------------------------
------------------------
authlogonuser.dll not foundbased on authlogonuser.dll user has NO access
Trying auth.dll
------------------------
------------------------
auth.dll not foundbased on auth.dll user has NO access
Trying authaddll
------------------------
------------------------
authad.dll not foundbased on authad.dll user has NO access
Trying ldapauth .dll
------------------------
------------------------
LDAP://rootDSE
LDAP://DC=ip,DC=loc
ADsPath: LDAP://CN=Paolo,CN=Users,DC=ip,DC=loc
ADsPath: LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
Group found OK
////////////////////////////////////////////////////
Checking the Group:
LDAP://CN=EDPIP,CN=Users,DC=ip,DC=loc
for the member:
LDAP://CN=Paolo,CN=Users,DC=ip,DC=loc
////////////////////////////////////////////////////
Comparing:
{AE5ED752-7DCD-41F8-869C-DACDBF318C69}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{A6C51F28-86F7-40A3-BB26-856EC93C5C7D}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{0D669D5A-72B5-48E7-B4F6-DEDFBD647732}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{5D88448C-8779-484E-942C-D9230BC76291}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{5F6AD8C2-1E1B-4FCF-9D15-8C9CDC3CBA1B}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{6A60E76F-9913-4D92-A87F-BCDBBC997252}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{CE1B812F-14C7-4FEF-AE7B-0DA44761F8C5}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{CFC7D496-A638-4264-8451-951C762BF2AD}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{BB5F3449-A2E7-4054-96B5-F73DAB0E9653}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{1DF6B3B4-496E-4300-9B91-BB9424A60C55}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{F96EDD7A-3AC5-434E-8451-0D52AB898B9E}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{E270E24D-1262-4468-A00C-D2C6A5843C6C}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{98B66050-A7B7-4661-9D93-68A83461B790}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{D763CCD9-0834-476A-9CF2-222CE426F691}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
Comparing:
{234A462B-FC7B-4E3D-8845-F2779B20C45D}
WITH:
{D99E9ED4-98CB-44AF-96E0-44C4835238A3}
USER not found in group
based on ldapauth.dll user has NO access Enter to quit
thanks a lot