Can not login to Orchestrator with Windows Active Directory User accounts

Hi, I’ve installed 2 Orchestrator nodes for my client. I enabled Windows Authentication while installing. I could successfully add directory users into the Orchestrator and assigned their roles. However, when I tried to login to Orchestrator using the directory user accounts, the Windows Security dialog kept popping up after I clicked the OK button, and after 3 times, it will redirect to the login page again.
I can be sure that the credential was correct. I just don’t understand where I was doing wrong. So please give me some advice, thanks!

1 Like

@Jo.Ou

Can you check the event viewer, is it throwing any error?

Thanks

@Jo.Ou

Hey do you see any error on login page or server error #500

Hi, that is the most weird part. No events generated in the event viewer when I tried to login.

No, no any error info.

@Jo.Ou

I would request you to try using admin on default tentant

admin is fine. I have 2 tenants, both of which couldn’t make directory user accounts login successfully.

@Jo.Ou
That’s what i am saying, do not login as a normal user.’

Login as a Host, for which user name is admin and password is what you have set it to., Change default tenant

Hi @Lakshay_Verma
I’m sorry but I don’t quite understand what you request this for. I could login as Host, and also login to default tenant. But what does this do with the directory user account login?

@Jo.Ou

Hey,

While installing Orchestrator, a host admin , which is also known as a System Administrator , is created. The host admin has rights to create new tenants, change application settings and audit password changes, create, update, register, and delete actions on settings, tenants, and users. The Profile page enables host admins to change their general information and password, as well as view the last login attempts with the current credentials.

The Default tenant is also automatically created when installing Orchestrator, as your first tenant. Each tenant has a tenant admin , created as a local user which has the Administrator role. The tenant admin cannot be deleted or disabled, but you can edit its information in the Users page.

Please have a look on this page. UiPath

Hi @Jo.Ou
Seems like you have to check 2 things ,
1 . Check you have correctly enabled all things for windows authentication (specially web.config file )

2 . If you have done all the things in above , its seems like windows security level ,
go to your Internet option in your browser and make trust this site

Hi @Maneesha_de_silva, Thanks for replying.
1.Yes, I’ve enabled all the things mentioned in that post.
2. The site has already been added into the trusted sites, but still the same.

[Deleted my previous post as my findings seems wrong.]
I encounter same problem as @Jo.Ou , but on my side the problem occurs only on one machine (the one where the orchestrator is installed, i don’t know if it is a coincidence or not). I’ve tested with IE and firefox to be sure, same problem.

When trying to login with the exact same AD account on other machines (both IE or firefox), the login works fine, so it seems to me there is no problem of orchestrator <> AD configuration…
(i’ve tried to empty the browser cache, no success)

Hope it helps to find the solution :neutral_face:

It’s too late to comment on this post, but during installation of single node orchestrator on one of the server, my Oauth is enabled by default or i would say set to True, I faced similar error, after setting it back to false, my issue was fixed… It might be helpful

No, it’s not late. It’s just about time. Now we can login using the URL https://servername with AD accounts, but we still can’t login using the URL https://domainname. The client is using Nginx for load balance and I can be sure that this was due to the Nginx settings problems. However, I have no idea how to cinfigure the Nginx settings for integrating Windows Authentication.

And one more thing, how to disable the OAuth please?

@Jo.Ou

image

Well, I don’t have this settings in my config settings, so I think I should keep focused on Nginx settings for my case. Thank you still.