Failed to set up administrator account. Incorrect username or password.

While playing around with Professional addition [Version 3.1.2 (build 6881)].  I was using this entry for main-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<server rootURL="
http://localhost:81">
  <db-compact>
    <scheduler hour="3" minute="0" />
  </db-compact>
  <auth-type>
    <login-module />
    <login-description />
    <guest-login allowed="false" guest-username="guest" />
    <free-registration allowed="false" />
  </auth-type>
  <artifacts maxArtifactSize="300000000" />
  <comment-transformation />
  <report-tab title="Code Coverage" basePath="coverage.zip" />
  <report-tab title="JavaDoc" basePath="javadoc.zip" />
</server>


Everything was working fine.  Then I obtained Evaluation License for Enterprise addition.
The first thing I wanted to try out is how Windows Authentication works.  So I changed main-config.xml to this:

<?xml version="1.0" encoding="UTF-8"?>
<server rootURL="
http://localhost:81">
  <db-compact>
    <scheduler hour="3" minute="0" />
  </db-compact>
  <auth-type>
      <login-module />
      <guest-login allowed="false" />
  </auth-type>
  <artifacts maxArtifactSize="300000000" />
  <comment-transformation />
  <report-tab title="Code Coverage" basePath="coverage.zip" />
  <report-tab title="JavaDoc" basePath="javadoc.zip" />
</server>

The first thing TC UI asked me to do is to (Set up Administrator Account).

I entered
User Name: Domain\User
Password: AppropriatePassword

TC came back with (Failed to set up administrator account. Incorrect username or password.)

I know for a fact that the (Domain\User) I used and the password are 100% correct and have admin privileges on the box.  I can't get anywhere pass (Set up Administrator Account) page.
If I switch main-config.xml back to what it was it is working fine but I am back not using windows authentication.

Windows Authentication is very important to us and we absolutely need to use it.  What am I missing?

8 comments
Comment actions Permalink

Are there any error messages in the teamcity-server.log? What is the content of your ntlm-config.properties file (it should be in the .BuildServer/config directory)?

--
Pavel Sher

0
Comment actions Permalink

Yes there is an error in teamcity-server.log

[2008-11-28 11:06:28,999]   WARN -   jetbrains.buildServer.SERVER - Login failed, error: javax.security.auth.login.LoginException: jcifs.smb.SmbException:
jcifs.util.transport.TransportException: Connection timeout
at jcifs.util.transport.Transport.connect(Transport.java:178)
at jcifs.smb.SmbTransport.connect(SmbTransport.java:287)
at jcifs.smb.SmbTree.treeConnect(SmbTree.java:139)
at jcifs.smb.SmbSession.logon(SmbSession.java:169)
at jcifs.smb.SmbSession.logon(SmbSession.java:162)
at jetbrains.buildServer.serverSide.impl.auth.JCIFSBasedAuthenticator.authenticate(JCIFSBasedAuthenticator.java:4)
at jetbrains.buildServer.serverSide.impl.auth.NTDomainLoginModule.login(NTDomainLoginModule.java:23)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at jetbrains.buildServer.serverSide.impl.auth.ServerLoginModelImpl.tryToLogin(ServerLoginModelImpl.java:29)
at jetbrains.buildServer.serverSide.impl.auth.ServerLoginModelImpl.checkPassword(ServerLoginModelImpl.java:41)
at jetbrains.buildServer.controllers.login.WebLoginModelImpl.checkPassword(WebLoginModelImpl.java:69)
at jetbrains.buildServer.controllers.admin.users.SubmitSetupAdminController.doPost(SubmitSetupAdminController.java:7)
at jetbrains.buildServer.controllers.BaseFormXmlController$1.handleRequest(BaseFormXmlController.java:2)
at jetbrains.buildServer.controllers.AjaxRequestProcessor.processRequest(AjaxRequestProcessor.java:1)
at jetbrains.buildServer.controllers.BaseFormXmlController.doHandle(BaseFormXmlController.java:14)
at jetbrains.buildServer.controllers.BaseController.handleRequestInternal(BaseController.java:38)
at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:874)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:808)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:441)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at jetbrains.buildServer.web.ResponseFragmentFilter.doFilter(ResponseFragmentFilter.java:0)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:595)


Here is the content of ntlm-config.properties

# Uncomment the line below if you want to use the old-fashioned login
# module. This login module is only works with Windows (e.g. the TeamCity
# server must be installed on computer running Windows).
# ntlm.compatibilityMode=true

# Uncomment to specify the default domain. If default domain is not
# specified, it must be provided in the username field using one of the
# following formats: <domain name>\<username> or <username>@<domain name>
# ntlm.defaultDomain=

0
Comment actions Permalink

Any idea on how to resolve this issue?

Thanks.

0
Comment actions Permalink

Sorry for delay.

Please try to specify fully qualified domain name in ntlm-config.properties file (ntlm.defaultDomain) or in the login page.

--
Pavel Sher

0
Comment actions Permalink

As I mentioned in my original post:  I've already entered "fully qualified domain name" on the login page in the format (DomainName\NetworkId)
I've also changed "ntlm-config.properties" file as you suggested and tried with or without fully qualified domain name on the login page.  Same result.  Same error.

Also same error in teamcity-server.log

[2008-12-02 10:59:34,550]  WARN -  jetbrains.buildServer.SERVER - Login failed, error: javax.security.auth.login.LoginException: jcifs.smb.SmbException:
jcifs.util.transport.TransportException: Connection timeout
at jcifs.util.transport.Transport.connect(Transport.java:178)

.....
.....
.....

I'm not sure what TC is trying to connect to and why "connection timeout".  Domain Controller?  Something else?
Should I uncomment "ntlm.compatibilityMode=true" in ntlm-config.properties?  Or leave it alone?

Need more ideas please.  We will most likely buy enterprise license but without windows authentication working - its a show stopper.
Please advice.

0
Comment actions Permalink

Yes, TeamCity tries to connect to domain controller to check your authorization parameters. It uses SMB protocol for that, but it seems that it can't connect to domain controller, probably there is a firewall?
You can also try to enable compatibility mode, in this case TeamCity will use native library to authenticate in the domain.

--
Pavel Sher

0
Comment actions Permalink

Great!
"ntlm.compatibilityMode=true" fixed the issue.

I'm pretty sure there are all kinds of firewalls and hops and "what have yous" on our network.  It is indeed extremely large.

Anyways, it is working now.  Thanks much!

Issue resolved.

0
Comment actions Permalink

Yep we just suddenly started getting this today too (running the latest version)!


[2011-10-07 14:24:30,261]   WARN -   jetbrains.buildServer.SERVER - Login for user sc\***** failed: jcifs.smb.SmbException: Failed to connect: sc/109.239.101.62
jcifs.util.transport.TransportException: Connection timeout
 at jcifs.util.transport.Transport.connect(Transport.java:178)
 at jcifs.smb.SmbTransport.connect(SmbTransport.java:297)


In the end, the switch to to "ntlm.compatibilityMode=true" fixed the issue.

But it had been working for weeks absolutely fine.

0

Please sign in to leave a comment.