LDAP Authentication Err: Failed to compute the privilege for the user. socket closed

WillWhite1 · ‎03-08-2013

Hi All

I'm wondering if anyone has thoughts on an issue I am having with ArcGIS Server 10.1 SP1.

I am managing users via an LDAP server. If I am accessing mapservices or indeed Manager/Admin Directory from a browser, following after a period of inactivity (2 hours I think) I am unable to re-authenticate. I get a message saying that the user doesn't have permission to access. I need to clear the browser cache, or re-open the browser/clear cache in order to be able to re-authenticate.

In the server logs I am getting:

"Failed to compute the privilege for the user '<user>'. <ldapserver>:<port>; socket closed"

I dont think there are any firewalls between my ArcGIS Server and the LDAP server.

I am using a webadaptor, with web authentication.

Any thoughts on how to either extend this time out or remove it all together?

Thanks in advance

Will

DrewDowling · ‎08-14-2013

Started getting a similar error yesterday but we are using AD authentication not LDAP.

The arcserver install has been running fine for about 2 months then suddenly yesterday users could not log in. Problem lasted about 2 hours and then resolved itself. I checked the logs and found this error repeated for every failed login:
Failed to validate user credentials for the user 'xxxx'. <ip address of server>:389; socket closed.

Happened again this morning but is running fine now.

Anybody have any ideas?

Arcserver 10.1 SP1 on windows server 2008

harleypowers_parks · ‎08-20-2013

I was using a service account, this can get locked during configuration and produces same result. But it was working, so it maybe how much time it takes which I've also seen. However, when ldap is working secure services are not accessible thru web adaptor. Even in an http or https environment in 10.2. This is broken in 10.2, and works in 10.1. But 10.2 supports a mixed private/secure environment using 2 web adaptors. Which is why I'm trying to upgrade.
I'm considering using the custom config using java. I had some success using the windows domain...

DamianSlee · ‎08-28-2013

BTW, you can get public + Windows SSO with 2 web adapters working in 10.1 server. It is only a limitation of the Manager. If you go to the admin rest services page (what the manager uses), go to security for the folder or service that you want to make public, then add the "esriEveryone" text as the principle. Then that service/folder will be public. Essentially the issue with 10.1 mixed security is not that it doesn't support it, it is in the 10.1 Manager the Public tick box is greyed out.

MuryadiOey · ‎10-09-2013

I had similar situation with this when suddenly my application didn't work properly, after troubleshot, I found the error which made me think something was not right with a server that served as LDAP server. Re-run security connection from Server Manger fixed my issue. http://myarcgisserver.wordpress.com/2013/10/05/ldap-authentication-err-failed-to-compute-the-privile...

Thanks!

CharlieYe1 · ‎10-24-2013

I am having the same problem, but with Active Directory and version 10.2.

DanielBaternik · ‎10-30-2013

We are having the same issue.

ArcGIS Server 10.2
- SSL (OTB self-signed)
- Windows Domain for Users / Roles
- Web Tier Security

Web Adaptor
-Windows Authentication (NTLM as Provider, but also tried negotiate).

The result is my user's role's are not being respected. They can't access services that they have been given access to. The problem persists when i use SSL and when i don't.

This is clearly a serious product issue and my client is very frustrated.

StephanieSnider · ‎02-04-2014

We are having this issue as well. We are using ArcGIS Server 10.2 with Web Tier authentication using Windows Authentication through the web adaptor. Map services are running. I can connect to the rest services site and see services through the GIS Server. I can connect to the rest services site through the web adaptor but no services are available. It seems the web adaptor is loosing connecting to the Active Directory. The ArcGIS Server services seems fine. We have tried, restarting IIS and restarting the ArcGIS Server services. Neither work. Right now, our users have to login to access services when they shouldn't have to (using single sign on).

CharlieYe1 · ‎06-27-2014

Did this problem ever get resolved? We are using 10.2.2 and having the same problem with web tier windows authentication. It is definitely a show stopper.

We are having this issue as well. We are using ArcGIS Server 10.2 with Web Tier authentication using Windows Authentication through the web adaptor. Map services are running. I can connect to the rest services site and see services through the GIS Server. I can connect to the rest services site through the web adaptor but no services are available. It seems the web adaptor is loosing connecting to the Active Directory. The ArcGIS Server services seems fine. We have tried, restarting IIS and restarting the ArcGIS Server services. Neither work. Right now, our users have to login to access services when they shouldn't have to (using single sign on).

DrewDowling · ‎06-27-2014

Did this problem ever get resolved? We are using 10.2.2 and having the same problem with web tier windows authentication. It is definitely a show stopper.

In our case we were getting this error but with server tier authentication. Our problem was that the account that was entered to connect to and query AD was getting its password locked every 2 months per ITs security policy. We changed this account to not have its password expire and reran the security setup functionallity in ArcServer manager and the problem hasn't reappeared.