2 Replies Latest reply on Sep 16, 2018 1:59 AM by Julian Wigman

    TouchPaper Services are failing to logon under SYSTEM Account

    JWilson-Hogg Rookie

      Hello all,

       

      First please accept my apologies, i am very new to LANDesk (not even a 100% sure which version we have, it doesn't have a password configuration utility if that helps), i have used it as a member of my team, but never have i ever seen it in development.

       

      Second, i really need some help and if any answers could be in a EIL5 (Explain it like I'm 5) that would be appreciated.

       

      So, our Service Delivery Manager is currently on leave for 3 weeks and he is the only person in our entire organisation that knows anything about LANDesk and its inner workings. The day he leaves all inbound and outbound mail fails to work, no jobs are being logged inbound, all notes/resolutions are not being sent outbound. Doesn't seem like a big deal, but we have relied very, VERY heavily on this part of the application for many reasons. So in order to try and fix this my self i have attempted the following (after days of googling);

       

      - Restarting all Services (MULTIPLE TIMES)

      - Restarting all Servers

      - Enable Logging on the service (doesn't really pick anything up)

      - Finally found where the "Configuration Center" Web page is and how to access it

      - Found the password to the "SA" account

      - Checked the Event Log for Application and all i get is the below;

       

      TouchpaperException

      Touchpaper Error Code: Exception.Authentication.LogonFailed (-2147218680)

      Logon failed

       

       

      Stack Trace:

         at Touchpaper.Framework.SystemServices.Authenticator.ValidateCredentials(ITpsCredentials tpsCredentials, Boolean isAnonymous)

         at Touchpaper.Framework.SystemServices.Authenticator.AuthenticateLogon(ITpsSession tpsSession, ITpsEnvironment environment, ITpsCredentials tpsCredentials, Boolean isAnonymous)

         at Touchpaper.Framework.SystemServices.Authenticator.Logon(ITpsSession tpsSession, ITpsEnvironment environment, ITpsCredentials tpsCredentials, Boolean isAnonymous)

         at Touchpaper.Framework.SystemServices.SoapExtensions.CombinedExtension.AuthenticateRequest(SoapServerMessage message)

         at Touchpaper.Framework.SystemServices.SoapExtensions.CombinedExtension.ProcessServerMessageAfterDeserialize(SoapServerMessage message)

         at System.Web.Services.Protocols.SoapMessage.RunExtensions(SoapExtension[] extensions, Boolean throwOnException)

         at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()

         at System.Web.Services.Protocols.WebServiceHandler.Invoke()

         at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()

       

      - Made sure all services are running under the system account

      - I can not access the LANDesk console, if i try and use the "SA" account, i get error;

       

      Response from services;

       

      Logon Failed

       

      - Checking the logs in the directory: "C:\ProgramData\LANDESK\ServiceDesk\Touchpaper.Framework\Logfiles" i get the error (nothing to do with SA);

       

      Authentication

      Authenticate User Logon at 2018-09-14 15:34:54.785

      Logon Policy: ExplicitOnly

      User Name: System

      User Guid: 00000000-0000-0000-0000-000000000000

      Password:

      Windows Principal (used for Integrated Logon):

      Network Logon Hash (used for Integrated Logon):

      Is Integrated Logon: False

      Is Interactive: False

      Logon Status: Explicit

      Group Name:

      Group Guid: 00000000-0000-0000-0000-000000000000

      Reason for Logon Failure: UserNameNotInDatabase

      FAILED

      Logon failed

       

      Any help would be greatly appreciated, our LANdesk developer is not coming back for 3 weeks and hasn't created any documentation, he is in the process of moving everyone to a newer developed version so we currently have 2 sets of servers so trying to find anything is a nightmare

        • 1. Re: TouchPaper Services are failing to logon under SYSTEM Account
          Julian Wigman ITSMMVPGroup

          JWilson-Hogg

           

          Given you are totally new to the product and wont know your way around it without a lot of hand-holding to troubleshoot this in your colleague’s absence, I think the best thing I should propose if for you to open a new case with your Support provider and let them do a joint remote control session with you to help sort. 

           

          Otherwise I feel that by following instructions here you could get into even more of a “pickle” here and wouldn't be “flavour of the month” with your colleague when they return in a few weeks.

           

          Julian

          MarXtar Ltd

          • 2. Re: TouchPaper Services are failing to logon under SYSTEM Account
            Julian Wigman ITSMMVPGroup

            Whilst the Service Desk “SA” account password could have changed, it is highly unlikely that this will be the cause despite indications that could suggest it in the event log.

             

            If you can login to ConfigurationCenter (note the “SA” account here is NOT THE SAME as the one used to log in to the Console so passwords aren't necessary the same though conventional to set them the same) then you will notice the all services and web applications each run under one or more  IIS “Application Pools”; you should always create and update these settings in ConfigurationCenter (CC) and not directly in IIS though otherwise things get out of step.

             

            So the issue that creates errors like this is that these (one or more) Application Pools will be setup to log in with Credentials linked to an Active Directory service account and I’m guessing the password on this account has been changed/expired or the account removed or disabled by your team that look after your AD services. 

             

            I still think having a remote control session with Ivanti Support is recommended if you are novice or nervous about troubleshooting this but first check the Application Pool (AP) name being used by the affected service in CC and then right-click that AP in CC and It’ll show you what user it is trying to logon as.  Then I’d recommend talking to your AD team to check the status of this account and whether it is still “active”. 

             

            Julian

            MarXtar Ltd