Symptoms

A Desktop Laptop (DTLT) session reports as expired from any client, using any browser: Your Avamar client's session has expired. To start a new session, close your web browser and launch a request from the system tray or menu bar icon. The DTLT trace log (/usr/local/avamar-tomcat/logs/DTLT_Trace.log reports the following error: 2017-03-01 17:04:47,493 ERROR [ajp-bio-8109-exec-3]-actions.DTLTTopLevelAction: U n e x p e c t e d l o g i n e x c e p t i o n javax.security.auth.login.LoginException: adc-XXXX.domain.com: Name or service not known at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source) .. 2017-03-01 17:20:15,959 ERROR [ajp-bio-8109-exec-6]-auth.JaasLoginModuleUserAuth: Invalid Login javax.security.auth.login.LoginException: adc-XXXX.domain.com: Name or service not known at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source) at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) Testing the Lightweight Directory Access Protocol (LDAP) login for an LDAP admin account in the Avamar UI reports the following types of errors: To test the LDAP login of an LDAP admin account from the Avamar UI: a. Administration b. LDAP Management c. Directory Service Management d. Test e. Enter the LDAP credentials.

Cause

The cause is likely one of the following: A problem with the Lightweight Directory Access Protocol (LDAP) or Kerberos version 5 (Krb5) configurations on the Avamar gridThe file /usr/local/avamar/etc/ldap.properties is configured incorrectlyThe LDAP account was not successfully authenticated with the Avamar grid

Resolution

1. Confirm that the /usr/local/avamar/etc/ldap.properties file is configured correctly. Sample: ldap.url.domain.com=ldap\://abc-XXXX.domain.com\:389 ldap.qualified-name-default=domain.com ldap.search.results.per.page=1000 mcgui.trace=true ldap.identifier.adani.default=domain References for LDAP configuration file can be found in the Administration Guides and Product Security Guides for the version specific to the environment. The following articles may also assist: Avamar: How To Configure LDAP from scratch (group based) Avamar: How to configure secure or nonsecure LDAP 2. Ensure that the LDAP server can be pinged from the Avamar grid and vice versa. 3. Ensure that telnet to both the LDAP server and Avamar grid on port 389 is working. 4. Test the LDAP login of an LDAP admin account from the Avamar UI: a. Administration b. LDAP Management c. Directory Service Management d. Test e. Enter the LDAP credentials. For "Authentication Fails" or any other authentication-related errors, reset the LDAP admin password within Active Directory and rerun the test. For the "Clock Skew too great" error, see Avamar: How to configure NTP on an Avamar multinode grid using the asktime utility. If issues persist, create a Swarm with the Avamar SER team for assistance.

Support Cases