Automic Workload Automation

  • 1.  AWI: received a NTLM ticket instead of a kerberos ticket

    Posted Dec 06, 2018 08:40 AM

    I am running the AWI in a Platform-as-a-Service (PaaS) application cloud. Recently, I pushed the AWI to the cloud again, and discovered that Kerberos-based single sign-on (SSO) stopped working. I have compared working and non-working apps to try to find out where the problem is originating.

     

    There is a message in both logs:

    Requesting Authentication from client.

    After this message, the working app shows this message:

    received a kerberos token that appears to be valid

    The not-working app shows this message instead:

    received a NTLM ticket instead of a kerberos ticket. This can happen if the client is not in the same domain. Disable SSO for current user and downgrade to ECC authentication.

     

    I enabled Kerberos debugging by adding the following to JAVA_OPTS: '-Dsun.security.krb5.debug=true'. I can see in the log that the krb5 debug option is enabled, but I was not able to see any additional Kerberos debugging messages in the log.

     

    I think something might have changed in the buildpack I'm using to push the app (java_buildpack), but I'm not sure what. Any ideas?



  • 2.  RE: AWI: received a NTLM ticket instead of a kerberos ticket

    Posted Feb 23, 2023 07:43 AM

    Did you resolve the issue? I am getting the same error in Version 21.04. HF1

    Error:

    2023-02-23 12:15:57,131 penssl-nio-8443-exec-1 [DEBUG] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0   [com.uc4.ecc.plugins.login.behaviours.kerberos.KerberosSSORequestHandler] - received a NTLM ticket instead of a kerberos ticket. This can happen if the client is not in the same domain. Disable SSO for current user and downgrade to ECC authentication.
    2023-02-23 12:15:57,131 penssl-nio-8443-exec-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0   [com.uc4.ecc.framework.entrypoint.vaadin14.V14Session] - + locked 79DFEA23814D7B77ABF583108E8B2B38 java.util.concurrent.locks.ReentrantLock@2343cd7a[Locked by thread https-openssl-nio-8443-exec-1]  --- holdcount: 1
    2023-02-23 12:15:57,132 penssl-nio-8443-exec-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0   [com.uc4.ecc.framework.entrypoint.vaadin14.V14Session] - - unocked 79DFEA23814D7B77ABF583108E8B2B38 java.util.concurrent.locks.ReentrantLock@2343cd7a[Unlocked] --- holdcount: 0
    2023-02-23 12:15:57,315 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Operation failed. retrying in 377 ms
    2023-02-23 12:15:57,315 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Sleep waiting for 377 ms
    2023-02-23 12:15:57,692 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Operation failed. retrying in 610 ms
    2023-02-23 12:15:57,692 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Sleep waiting for 610 ms
    2023-02-23 12:15:58,303 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Operation failed. retrying in 987 ms
    2023-02-23 12:15:58,303 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Sleep waiting for 987 ms
    2023-02-23 12:15:59,290 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Operation failed. retrying in 1597 ms
    2023-02-23 12:15:59,290 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Sleep waiting for 1597 ms
    2023-02-23 12:16:00,887 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Operation failed. retrying in 2584 ms
    2023-02-23 12:16:00,887 pool-1-thread-1        [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.webui.common.timer.Sleep] - Sleep waiting for 2584 ms
    2023-02-23 12:16:03,471 pool-1-thread-1        [ERROR] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0  +1 [com.uc4.ecc.plugins.login.behaviours.kerberos.KerberosLoginBehaviour] - Login Type == Kerberos, but no Token Provider is given or no Token is present!
    java.lang.RuntimeException: java.lang.IllegalStateException: No Kerberos Token is present!
            at com.uc4.webui.common.timer.Sleep.retry(Sleep.java:69)
            at com.uc4.webui.common.timer.Sleep.retry(Sleep.java:77)
            at com.uc4.ecc.plugins.login.behaviours.kerberos.KerberosLoginBehaviour.updateSSOToken(KerberosLoginBehaviour.java:125)



    ------------------------------
    Dominic I
    ------------------------------
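To see which mechanism the browser actually sent when this message appears, decode the `Authorization: Negotiate` header it returned after the server's authentication request. The following is an added example, not code from the thread or from AWI: it assumes the SSO uses the standard HTTP Negotiate (SPNEGO) exchange, it is a byte-level heuristic rather than a full ASN.1 parser, and the sample tokens are constructed.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"  # signature of a raw NTLM message (base64 starts "TlRMTVNT")
OID_SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2
OID_NTLM = bytes.fromhex("060a2b06010401823702020a")     # 1.3.6.1.4.1.311.2.2.10
MECHS = [(OID_KRB5, "kerberos"), (OID_MS_KRB5, "kerberos"),
         (OID_NTLM, "ntlm-in-spnego")]

def classify_negotiate(header_value):
    """Classify the token carried in an 'Authorization: Negotiate <b64>' value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "malformed"
    if token.startswith(NTLMSSP):
        return "ntlm"              # raw NTLM message, no SPNEGO wrapper
    if token[:1] != b"\x60":       # GSS-API tokens start with ASN.1 tag 0x60
        return "unknown"
    # mechTypes are listed in preference order ahead of the mechToken, so the
    # earliest mechanism OID in the buffer is the one the client chose.
    hits = [(token.find(oid), name) for oid, name in MECHS if oid in token]
    return min(hits)[1] if hits else "unknown"

def tlv(tag, body):
    """DER tag-length-value, short-form length only (enough for the samples)."""
    return bytes([tag, len(body)]) + body

def sample_spnego(mechs):
    """Constructed NegTokenInit that carries only a mechTypes list."""
    mech_list = tlv(0xA0, tlv(0x30, b"".join(mechs)))
    return tlv(0x60, OID_SPNEGO + tlv(0xA0, tlv(0x30, mech_list)))

def as_header(token):
    return "Negotiate " + base64.b64encode(token).decode()

if __name__ == "__main__":
    samples = {  # constructed tokens, not captured from a real client
        "raw NTLM type 1": NTLMSSP + b"\x01\x00\x00\x00" + bytes(4),
        "SPNEGO, Kerberos preferred": sample_spnego([OID_MS_KRB5, OID_KRB5, OID_NTLM]),
        "SPNEGO, NTLM only": sample_spnego([OID_NTLM]),
    }
    for label, tok in samples.items():
        print(f"{label:28} -> {classify_negotiate(as_header(tok))}")
```

A result of `ntlm` or `ntlm-in-spnego` means the client never obtained a Kerberos service ticket for the URL it was using, so the cause lies on the client or directory side rather than in the web application's token handling.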



  • 3.  RE: AWI: received a NTLM ticket instead of a kerberos ticket

    Posted Feb 23, 2023 11:22 PM

    The issue got resolved.



    ------------------------------
    Dominic I
    ------------------------------