Troubleshooting steps for NTLM-based SSO
Change browser settings to allow single sign-on
Trusted sites are the sites in which NTLM authentication can occur seamlessly. If SSO has failed, then the most probable cause is that ADAudit Plus isn't a part of your browser's trusted sites.
To add the URLs of ADAudit Plus in the trusted sites list, follow the steps given below:
Internet Explorer (IE):
- Open Internet Explorer, and click on Tools located in the top right-hand corner of the screen. Then go to Internet Options → Security. Under Select a zone to view or change security settings, select Local Intranet → Sites.
- If you're using a version lower than IE 11, add the URL of ADAudit Plus to the list of intranet sites.
- If you're using IE 11, click on Advanced, and add the URL of ADAudit Plus to the list of intranet sites.
- Click Close → OK. Finally, close all browser sessions, and reopen the browser.
Google Chrome
- Open Control Panel → Network and Internet → Internet Options. In the Internet Properties window that opens, click Security → Local Intranet → Sites → Advanced, and add the URL of ADAudit Plus to the list of intranet sites.
- Click Close → OK. Finally, close all browser sessions, and reopen the browser.
Mozilla Firefox
- Open Firefox, and type about:config in the address bar. Click Accept the risk and continue. In the search field, type network.automatic-ntlm-auth.trusted-uris.
- Click the edit icon next to network.automatic-ntlm-auth.trusted-uris, and type the URL of ADAudit Plus. Use a comma to separate multiple URLs.
- Click OK. Finally, close all browser sessions, and reopen the browser.
Note:
- It's recommended that you close all browser sessions after adding the URL to the trusted sites list for the changes to take effect.
- Google Chrome and Internet Explorer use the same internet settings. Changing the settings either in Internet Explorer or in Chrome will enable NTLM SSO in both browsers.
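To confirm the Firefox step without opening about:config, the following added example (not part of the ADAudit Plus documentation) reads the network.automatic-ntlm-auth.trusted-uris preference from a profile's prefs.js text and reports whether the console URL is listed. The URL and prefs.js content are constructed placeholders, and the exact scheme/host/port comparison is a simplification that is stricter than Firefox's own matching.

```python
import re
from urllib.parse import urlsplit

PREF = "network.automatic-ntlm-auth.trusted-uris"
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed prefs.js content; adaudit.corp.example:8081 is a placeholder URL.
SAMPLE_PREFS = '''
user_pref("browser.startup.page", 3);
user_pref("network.automatic-ntlm-auth.trusted-uris", "https://adaudit.corp.example:8081, intranet.corp.example");
'''

def read_trusted_uris(prefs_text):
    """Return the entries of the trusted-uris pref, or [] if it is not set."""
    m = re.search(r'user_pref\("%s",\s*"([^"]*)"\);' % re.escape(PREF), prefs_text)
    if not m:
        return []
    # The pref is a comma-separated list; drop surrounding spaces and empty items.
    return [e.strip() for e in m.group(1).split(",") if e.strip()]

def _origin(entry):
    """Normalise an entry or URL to (scheme, host, port); scheme is None if absent."""
    parts = urlsplit(entry if "://" in entry else "//" + entry)
    scheme = parts.scheme.lower() or None
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port

def audit(prefs_text, console_url):
    """Report whether console_url is listed, and which entries lack a scheme."""
    entries = read_trusted_uris(prefs_text)
    target = _origin(console_url)
    listed = any(_origin(e) == target for e in entries)
    # Entries without a scheme are not pinned to https, so list them for review.
    no_scheme = [e for e in entries if "://" not in e]
    return {"listed": listed, "entries": entries, "no_scheme": no_scheme}

if __name__ == "__main__":
    print(audit(SAMPLE_PREFS, "https://adaudit.corp.example:8081/"))
```

If `listed` is false after you edited the preference, check that the scheme and port in the entry match the URL users actually open.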
Check the computer account configuration
Status: Error in Creating Computer Account. This error can be due to any of the reasons listed below:
Invalid domain credentials in ADAudit Plus
The credentials of the user account specified in the domain settings section might have expired. To update the credentials:
- Log in to the ADAudit Plus web console with admin credentials.
- Click on Domain Settings, hover over the relevant domain, click on Modify credentials, and update the username and password.
Domain controllers (DC) are not accessible from ADAudit Plus
ADAudit Plus might not be able to reach the specified DCs. To add another DC that ADAudit Plus can access:
- Log in to the ADAudit Plus web console with admin credentials.
- Click Domain Settings, select the relevant domain, click Add Domain Controller, and specify the name of the relevant DC.
Non-conformance to password policy
The password of the computer account that is automatically created for NTLM authentication might not meet the domain password policy settings. To create a computer account manually and assign it a password that meets the complexity requirements of the domain policy settings, follow the steps given below:
- Log in to the ADAudit Plus web console with admin credentials. Navigate to Admin → Administration → Logon Settings → Single Sign-On. Check the box next to Enable Single Sign-On, and select NTLMv2 Authentication.
- Click on the error message Error in creating a new computer account in the status column next to the domain in which you wish to create a computer account.
- Create a computer account manually by entering a Computer Name and Password.