000039065 - RSA Archer cannot log into Archer with any account including sysadmin after Archer update/installation

Document created by RSA Customer Support Employee on Jul 1, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039065
Applies ToRSA Product Set: RSA Archer
RSA Version/Condition: 6.X
 
IssueAfter updating Archer or performing a new install they are unable to log in to Archer with any account including sysadmin account and get the following error in Archer w3wp logs.
 

E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
    <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
        <EventID>0</EventID>
        <Type>3</Type>
        <SubType Name="Error">0</SubType>
        <Level>2</Level>
        <TimeCreated SystemTime="2020-04-28T17:05:28.9187584Z" />
        <Source Name="Archer.Web" />
        <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
        <Execution ProcessName="w3wp" ProcessID="856" ThreadID="16" />
        <AssemblyVersion>6.7.201.1004</AssemblyVersion>
        <Channel />
        <Computer>XXXXXXX</Computer>
    </System>
    <ApplicationData>
        <TraceData>
            <DataItem>
                <TraceRecord Severity="Error" xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord">
                    <TraceIdentifier>Archer.Web</TraceIdentifier>
                    <LogReferenceId>042820-170528-9177</LogReferenceId>
                    <Description>Login failed for user ''DOMAIN\XXServerNameXX'.
SQL statement: usp_get_ldap_config_list </Description>
                    <AppDomain>/LM/W3SVC/1/ROOT-1-132325671033049729</AppDomain>
                    <Exception>
                        <ExceptionType>ArcherTech.Kernel.Providers.Data.ArcherDbException, ArcherTech.Kernel.Providers, Version=6.7.201.1004, Culture=neutral, PublicKeyToken=null</ExceptionType>
                        <Message>Login failed for user 'DOMAIN\XXServerNameXX'.
SQL statement: usp_get_ldap_config_list </Message>
                        <Source>ArcherTech.Kernel.Providers</Source>
                        <StackTrace>   at ArcherTech.Kernel.Providers.Data.ArcherSqlDatabase.WrapDatabaseCall(DbCommand command, Action methodToWrap)
   at ArcherTech.Kernel.Providers.Data.ArcherSqlDatabase.ExecuteReader(DbCommand command)
   at ArcherTech.Kernel.DataSource.Db.DataSourceBase.PopulateIds[T](DbCommand command, Func`2 mapDelegate)
   at ArcherTech.Kernel.DataSource.Db.UserDataSource.GetAllDomainIds()
   at ArcherTech.Kernel.Brokers.SessionlessBroker.GetDomains(Boolean filterDeletedDomains)
   at ArcherTech.Kernel.Utility.ManagerHelper.WrapCode[T](ManagerEventIdentifier managerEventId, String instance, ManagerMethodWrapper`1 wrapped)
   at ArcherTech.Kernel.Managers.UserManager.GetDomains(String instanceName, Boolean filterDeletedDomains)
   at ArcherTech.Web.Modules.Foundation.Views.DefaultPresenter.LoadDomainList()
   at ArcherTech.Web.Modules.Foundation.Views.DefaultPresenter.OnViewLoaded()
   at ArcherTech.Web.ArcherTechPage`2.OnLoad(EventArgs e)
   at Security2000.Default.OnLoad(EventArgs e)
   at System.Web.UI.Control.LoadRecursive()
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)</StackTrace>
                    </Exception>
                </TraceRecord>
            </DataItem>
        </TraceData>
    </ApplicationData>
</E2ETraceEvent>
CauseThe App Pool running the Archer applications in iis is using a different account than what is being used to access the database and run the services. 
 
ResolutionChange the App Pool that is running the Archer site in iis to run as the service account.
  • IIS > Application Pools 
  • Select App pool running Archer applications
  • Go to Advanced settings in actions window
  • Change the identity to the service account along with its credentials
  • Click ok and perform iis reset

Attachments

    Outcomes