So i came in to work today and try to log on to my ArcGIS server site with my domain account and got the following error
"Failed to return user store. For input string: "8997:266::8997:266"
So i log on with my primary psa account and to see whats up...after poking around it seems for some reason the site can not find any of the users in the our domain.
So i go to the Config Store in the security settings and test the connection.
what i get now is
"Testing the connection failed. Please verify that you can connect to the Windows domain outside of ArcGIS Server using the username and password values you entered in the input boxes below.
For input string: "8997:266::8997:266"
So some where between last night and this morning i can not connect to the domain and can not bring and users in.
Any thoughts as to what is going on?\
ArcGIS for Server 10.3, Server 2012 R2
From the logs...
<Msg time="2015-08-06T11:35:58,528" type="SEVERE" code="6581" source="Admin" process="2948" thread="1" methodName="" machine="AFGIS.AD.FULLERTON.EDU" user="" elapsed="">Failed to validate user credentials for the user 'AD\raclark'. Failed to return user store. For input string: "8997:266::8997:266"
<Msg time="2015-08-06T11:36:04,323" type="SEVERE" code="6619" source="Admin" process="2948" thread="1" methodName="" machine="AFGIS.AD.FULLERTON.EDU" user="" elapsed="">Failed to return user store. For input string: "8997:266::8997:266"
This is my current error code. it comes up when i try to switch to the windows domain for users....
<Msg time="2015-08-06T12:05:14,665" type="WARNING" code="7270" source="Admin" process="2948" thread="1" methodName="" machine="AFGIS.AD.FULLERTON.EDU" user="" elapsed="">Unable to connect to the identity store using the supplied parameters. Verify that you can connect to the identity store outside of ArcGIS Server using the same parameters. For input string: "8997:266::8997:266"
And today when i come in an test it. It works. So i am guessing something on the IT side and not ESRI but i would still love for ESRI or anyone to weigh in on what is going on.
So still every thing seems to be working. Best guess is that it was something on the IT side and problems with the AD server.
Check to see if the password expired for the user that is registered to access your domain users. If so, you will need to update the security connection passwork (In AGS admin/manager). I had a similar problem (different error message) happen every time I had to update my password (which I was using to connect).
Worth a check anyway.
Same problem here.
Did you do any AGS upgrade lately?
I did from 10.2.2 to 10.3.1 and now having issues. may be a coincidence but ESRI Tech says nothing was changed from 10.2.2 to 10.3.1 for user authentication.
Restarting server corrects the issue temporarily but seems to return a day or two later.
Basically the map server cannot authenticate me or any other domain user to the domain.
Could possibly be a stealthy Windows upgrade issue.
Any thoughts on how to troubleshoot?
Nope not an upgrade. fresh install.
We are the first department on Campus to even be using security measures for the Server site.
Yeah i tried that. I think i even went as far as to uninstalling the server and it fixed it for about a day or two.
I am trying not to get IT involved or at least if i have to i know what to ask them (they dont do well with open ended questions).
So given how common this problem seems to be i am hoping someone who has experienced has found a solution or can at least tell what to ask IT.
But if i was going to ask IT what would i ask them?
Not sure yet.
I am a GIS coordinator in IT so I have my NetAdmin's ear and they are very willing to work with me on this.
I have reopened my ESRI support request and asked to have a developer talk with my Net Admin.
We don't think it is necessarily a problem with 10.3.1 but something has changed on our end.
If we can get ESRI to describe HOW they authenticate it may give us a clue.
I would love to know what if anything you come up with. the best answer i have gotten so far was on my /r/gis post.
Some one there said it was probably the domain server and check if IT to see if they had any problems.
Which makes kind of makes sense now that every thing is working again.
Thanks for your time.
We got it solved here.
Somehow the map server machine had the Windows Tunnel Adapter 6TO4 enabled.
So in simple terms, it wanted to call other machines (the DC) by IPv6 name not our current IPv4 name.
Run an ipconfig /all and take a look at the results.
If you see Tunnel Adapter 6TO4 that very well may be your issue.