My Oracle Support Banner

ESSO-LM Authentication Fails After Users Are Migrated To A New Windows Active Directory Domain (Doc ID 2642570.1)

Last updated on AUGUST 18, 2021

Applies to:

Oracle Enterprise Single Sign-On Suite Plus - Version 11.1.2.3.1 and later
Information in this document applies to any platform.

Symptoms

Oracle Enterprise Single Sign-On: Logon Manager

ESSO-LM Authentication fails after users are migrated to a new Windows Active Directory domain. 

Users are configured in ESSO-LM 11.2.3.1 to connect to a Microsoft AD-LDS repository for synchronizing their ESSO vGOUserData. The users are being migrated from the existing Active Directory domain to a new domain. The new AD-LDS server repository is also a member of the new Active Directory domain to which the users are being migrated. 

ESSO-LM is failing to authenticate after a user is migrated from the existing domain (Domain 1) to the new domain (Domain 2). ESSO attempts to authenticate the user in the old domain (Domain1) at start up time, but since the user has been removed from the old domain, the agent fails to start and user cannot authenticate and login to multiple applications.


ERROR

"The logon process was not successful. Please recheck your password and try again".


STEPS TO REPRODUCE

  1. User is currently enrolled in Domain 1. The ESSO is configured to synchronize with an AD-LDS repository in Domain 2.
  2. User is then migrated to Domain 2 and is removed from Domain 1.
  3. User is issued a brand new machine in Domain 2 with ESSO installed and configured to synchronize to the same AD-LDS repository server in Domain 2. 
  4. User logs onto the Domain 2 and receives ESSO Windows Authenticator V2 prompt to enter the windows password for the Domain 1 (showing in grayed-out state).
  5. User enters the password and receives error -> "The logon process was not successful. Please recheck your password and try again".

BUSINESS IMPACT
Due to this issue, users cannot authenticate to the ADLDS repository after being migrated to a different Active Directory domain.

Changes

 Users are migrated from Microsoft Active Directory Domain 1 to a new Microsoft Active Directory Domain 2. 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.