• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

cfntauthenticate not working after moving website to new server

New Here ,
Feb 20, 2023 Feb 20, 2023

Copy link to clipboard

Copied

Hello.

 

I've got a website that uses cfntauthenticate to authenticate users.

It's been working great, but after moving the website to a new server it's suddenly stopped working.

When trying to authenticate, this is the error message I get:

javax.servlet.jsp.JspException: coldfusion.security.BadUserNameException: The user name or group name <username> is invalid in domain <domain>.

The error message sort of makes it seem like there something wonky going on in the connection between the server and the domain controller, but I'm not sure.

 

Old and new server is in the same domain.

Can't find anything related to this in the logs.
It's even working when I develop locally on my laptop.

 

I've tried to do some googling, but haven't really been able to find anything.

Anyone here got any ideas on what the issue could be?

 

(Originally we were using cfldap, but after migrating to using cfldap with starttls, we were seeing intermittent login errors (e.g. your first login would fail, but the second would be successful))

TOPICS
Security , Server administration

Views

555

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 20, 2023 Feb 20, 2023

Copy link to clipboard

Copied

Compare the scenario that works with the one that doesn't, ensuring that:

  1. The username is valid.
  2. You enter the username and domain name in the same way in both scenarios. 
  3.  ColdFusion is running as a user with sufficient rights to authenticate other users in the domain. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 21, 2023 Feb 21, 2023

Copy link to clipboard

Copied

  1. The username is valid - works fine on old server.
  2. Same exact form on both sites.
  3. The same account is running the ColdFusion services on both servers.

 

So I'm a bit lost 😕

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 21, 2023 Feb 21, 2023

Copy link to clipboard

Copied

Is it possible to log in manually on the problem server, using the same username and password?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 21, 2023 Feb 21, 2023

Copy link to clipboard

Copied

Yeah I can RDP in to the server just fine, but the same credentials don't work with the cfntauthenticate tag (on the new server).

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 21, 2023 Feb 21, 2023

Copy link to clipboard

Copied

That suggests to me that there is something different between the two servers. Possibly a difference in either the Operating System or the ColdFusion version. So what is:

  1.  The Windows version? To see this, navigate to Start > Settings > System > About.  For example, on my system, I see this:
    BKBK_0-1676973570316.png

     

  2.  What is the ColdFusion version? To see this, open the ColdFusion Administrator and click on the green (i) button in the top right-hand corner.
    BKBK_1-1676974129854.png

     

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 22, 2023 Feb 22, 2023

Copy link to clipboard

Copied

Sorry for taking a while to reply.

Regarding windows version, it's server 2019 vs 2022 (old/new).

So, old:

Windows Server 2019 Standard

Major  Minor  Build  Revision
-----  -----  -----  --------
10     0      17763  0

cfversion:

Version 	2021.0.02.328618 

----------------------------------------------

new:

Windows Server 2022 Standard

Major  Minor  Build  Revision
-----  -----  -----  --------
10     0      20348  0

cfversion:

Version 	2021.0.02.328618 


 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 23, 2023 Feb 23, 2023

Copy link to clipboard

Copied

I don't expect the difference in Windows version to be a problem. However, might it just be that ColdFusion's deprecation of cfauthenticate has kicked in on the new Windows version?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 23, 2023 Feb 23, 2023

Copy link to clipboard

Copied

It doesn't seem like cfNTauthenticate  is deprecated?

I.e. cfNTauthenticate  != cfauthenticate.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 24, 2023 Feb 24, 2023

Copy link to clipboard

Copied

Oh, an oversight of mine. Please ignore. So, cfntauthenticate it is.

 

I have gone back, and have been experimenting with cfntauthenticate, but can't find any pointers yet.

 

What made me think of deprecation is the phrase

<username> is invalid in domain <domain>

 I am assuming that "<username>" and "<domain>" actually occur in the error message. If so, then my guess is that ColdFusion might not even be connecting with Windows Server 2022. Hence the use of default (placeholder) names "domain" and "username". That would imply some kind of disconnection between ColdFusion and Windows Server 2022.

 

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 24, 2023 Feb 24, 2023

Copy link to clipboard

Copied

Ah, no, those are placeholders.

So the error is something like "thumbo is invalid in domain awesomedomain".

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Feb 28, 2023 Feb 28, 2023

Copy link to clipboard

Copied

OK. We can then move on.

Two points:

  1. Does ColdFusion run as a user with sufficient privileges to authenticate other users in Awesomedomain?
  2.  It may or may not be related to the current issue, but you should consider updating ColdFusion 2021.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Mar 02, 2023 Mar 02, 2023

Copy link to clipboard

Copied

LATEST
  1. It's running as Local System, same as on the previous server. (so what seems to be the default when you install ColdFusion on Windows)
  2. I feel like it shouldn't be related, but it's worth a try I suppose.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation