000039114 - Manual login fails using RSA Archer Domain User accounts

Document created by RSA Customer Support Employee on Jul 21, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039114
Applies To
RSA Product Set: RSA Archer
   RSA Version/Condition: All
IssueArcher domain users are unable to login manually (URL = BaseUrl/default.aspx?manuallogin=true) even though the Allow Manual Bypass option is enabled in Archer Control Panel.  Error message states: We were not able to log you on to the system: Unable to validate user account.

User-added image

Sample exception from Archer w3wp log file:

      <TraceRecord Severity="Error" xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord">
        <Description>Unable to find the user</Description>
          <ExceptionType>System.ApplicationException, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
          <Message>Unable to find the user</Message>
          <StackTrace>   at ArcherTech.Kernel.Brokers.UsernamePasswordPlugin.ValidateCredentials(AuthenticationPluginContext authenticationContext)</StackTrace>

CauseBy default, Archer does not actually keep a copy of the AD passwords.  It only authenticates users against the Active Directory server itself every time.  If you check the password field for the AD users in Archer under Access Control > Users, notice that the password field is blank.

When an LDAP user is created, a random password is assigned to the user. This is why the password has to be reset.
  1. Go to Administration > Access Control > Users.
  2. Open the domain user account.
  3. In Account Maintenance section, click the Change Password link and set password.