PixelPint

Reputation: 191

Active Directory authentication on Weblogic application server with unknown error cause

We've encountered an authentication error on our Weblogic application server (in production environment) while trying to authenticate a user with valid credentials (these credentials are hard coded in the application and this user is essentially used in order to access technical resources such as web services). The authentication of this user has been an automatic process for years, the credentials are hard coded and never change.

The error has never occurred before, and occurred only for a while.

Here is the error coming from our application server logs (Weblogic) (the real user name has been replaced by XXX):

<Got AuthenticationException error while authenticating [family\XXX] to Active Directory. 
<javax.naming.AuthenticationException: 
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, 
comment: AcceptSecurityContext error, data 548, v1db1]> >

The error code 49 refers to an Invalid credentials error.

See list of LDAP error codes

But as mentioned before, the user and password were valid.

And I can't find anything about the mentioned Active Directory error (here data 548).

Usually, when an Invalid credentials exception occurs, it's due to a badly entered password by the user, and the log trace is as follows, with a 52e error:

The code 52e refers to invalid credentials

<Got AuthenticationException error while authenticating [family\XXX] to Active Directory. 
<javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, 
comment: AcceptSecurityContext error, data 52e, v1db1]> >

The error code 52e also refers to invalid credentials in the list of Active Directory error codes, but this error is common and understood (wrong credentials given by the user).

I'm more concerned by the error code 548, which seems to never be documented or even mentioned in search engine results...

See list of Active Directory error codes

By the way, our internal technical support hasn't found any trace of such a problem in the system logs.

Any ideas?

Upvotes: 2

Views: 2489

Answers (2)

PixelPint

Reputation: 191

The error code 548 (0x548, or 1352 after hex-to-decimal conversion) seems to refer to the following Windows error code:

Error 1352: ERROR_INVALID_SERVER_STATE

The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation.

Documentation of Windows error 1352 - 0x548

According to the following reference, this should be the cause of the problem (the error codes and descriptions seem to match the Active Directory and LDAP error codes):

List of Windows errors

Upvotes: 2
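
The decoding described in this answer, as an added example that is not part of the original post or of any WebLogic or Microsoft code: it pulls the hex `data` sub-code out of an Active Directory bind failure and converts it to the Win32 error number. The function name and the category labels ("credential", "account", "server") are assumptions made for illustration; the two sample messages are the ones quoted in the question.

```python
import re
from typing import NamedTuple, Optional

# "data" sub-codes AD returns with LDAP error 49, as hex Win32 error numbers.
# 0x548 and 0x52e are the two discussed on this page; the other names are
# standard winerror.h values. The category labels are assumptions of this example.
WIN32_BIND_ERRORS = {
    0x525: ("ERROR_NO_SUCH_USER", "account"),
    0x52E: ("ERROR_LOGON_FAILURE", "credential"),
    0x532: ("ERROR_PASSWORD_EXPIRED", "account"),
    0x533: ("ERROR_ACCOUNT_DISABLED", "account"),
    0x548: ("ERROR_INVALID_SERVER_STATE", "server"),
    0x775: ("ERROR_ACCOUNT_LOCKED_OUT", "account"),
}

# Tolerates line breaks inside the message, as in the question's excerpts.
BIND_ERROR_RE = re.compile(
    r"LDAP:\s*error code\s+(?P<ldap>\d+)\s*-.*?\bdata\s+(?P<data>[0-9A-Fa-f]+)\s*,",
    re.DOTALL,
)

class BindFailure(NamedTuple):
    ldap_code: int   # LDAP result code (49 = invalid credentials)
    data_hex: str    # sub-code as logged, lower-cased
    win32: int       # same value in decimal
    name: str        # Win32 constant, or "UNKNOWN"
    category: str    # "credential", "account", "server" or "unknown"

def decode_bind_failure(message: str) -> Optional[BindFailure]:
    """Return the decoded sub-code, or None if the text is not an AD bind error."""
    m = BIND_ERROR_RE.search(message)
    if m is None:
        return None
    win32 = int(m.group("data"), 16)
    name, category = WIN32_BIND_ERRORS.get(win32, ("UNKNOWN", "unknown"))
    return BindFailure(int(m.group("ldap")), m.group("data").lower(), win32, name, category)

# The two messages quoted in the question, line breaks preserved.
SAMPLE_548 = ("<javax.naming.AuthenticationException: \n"
              "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, \n"
              "comment: AcceptSecurityContext error, data 548, v1db1]> >")
SAMPLE_52E = SAMPLE_548.replace("data 548", "data 52e")

if __name__ == "__main__":
    for sample in (SAMPLE_548, SAMPLE_52E):
        print(decode_bind_failure(sample))
```

Separating the "server" category from "credential" keeps a transient domain-controller condition such as 548 from being counted as a failed-password event in log triage.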

geoffc

Reputation: 4100

Since you seem to be using domain\user format for the bind DN, I wonder if the 548 error (which is new to me as well and I would love to know its meaning if you ever find it) has to do with the SASL style bind that implies.

Could you try binding with a proper DN format and see if that makes a difference?

Upvotes: 0
