DataNow Windows client not connecting after enabling Single Sign On (SSO) via Environment Manager

Version 1

    Verified Product Versions

    AppSense Environment Manager 8.6AppSense DataNow 3.6AppSense DataNow 3.5AppSense DataNow 3.0AppSense DataNow 4.0AppSense DataNow 4.1

    Introduction

    After using the Environment Manager's DataNow action to set Single Sign On the user is not automatically logged into DataNow.

    Detail

    DataNow requires additional configuration for SSO to work correctly. The easiest way to accomplish this is via the DataNow ADMX template - see Configuring DataNow Single Sign-on (SSO) for further details

    If the additional configuration has been completed and single sign-on still is not working as expected, please refer to the section below for log analysis recommendations.

     Troubleshooting NTLM SSO:

    The first port-of-call is to capture a boot-up and log in with client trace logging enabled (http://www.appsense.com/kb/150622789453690). 

    The following log lines can assist with analysis:

     

    CConfiguration::GetUsername  Username: [username@domain]

    This event is seen when DataNow reads the username from the registry (ensure the syntax is in the format username@domain rather than domain\username)

     

    CUser::ReAuthLoginThread Retry Limit:4, Interval:30000, Count:-1

    This event is seen when DataNow is retrying authentication. The count of '1' indicates a previous login attempt failed *Important* (DataNow 2.x only) By default we only attempt to login 4 times at 30 second intervals if we're unable to log in. For example, if a user logs into a laptop with no network connectivity to the Appliance, DataNow will display a 'grey' icon. If the user remains disconnected for >2 minutes (4 retries 30 seconds apart) and then enables wireless, DataNow will not login since the default max retries have been exceeded. This behaviour can be modified by the AuthRetryLimit engineering setting. When set to zero, DataNow will not time out.

     

    CUser::SetIsLoggedOn Changing LoggedOn State from [0] to [1]

    This event is seen when a user has successfully logged on

    Additional SSO logging can be enabled via configuring the following registry setting:

    Key: HKEY_LOCAL_MACHINE\Software\AppSense\DataNow

    Value Type: REG_DWORD
    Value Name: SSOLogging
    Value Data: <any non-blank value>

    Password filter logs are output to c:\temp\dnlogin.txt (path created automatically)