If users are experiencing problems authenticating via Defender, there are a number of possible causes, ranging from VPN issues through to individual token failures. To help identify the cause, collect the information below and send it to One Identity Software Support. It provides important contextual and diagnostic information.
Answers to the following questions can help you get the required information about the authentication issues:
Obtain the log files from the following location on the Defender Security Server:
%ProgramFiles%\One Identity\Defender\Security Server\Logs
Additionally, obtain user IDs of several affected users. These are required to locate information related to the affected users in the Defender log files. Make sure to obtain the user IDs, not the user names.
The default location for the Defender Security Server log files is %ProgramFiles%\One Identity\Defender\Security Server\Logs.
To analyse the Defender Security Server log files, take the following actions:
<Time> Radius request: Access-Request for <User Id> from <Client IP> through NAS:<Access Node Name> Request ID: <N/A> Session ID: <Unique Session ID>
Tue 18 Aug 2009 11:57:10 Radius Request from 192.168.10.106:2951 Request ID: 31
Tue 18 Aug 2009 11:57:10 Radius request: Access-Request for testuser from 192.100.10.106:2951 through NAS:WebMail Request ID: 31 Session ID: 8A89040F
Tue 18 Aug 2009 11:57:10 User testuser authenticated with Active Directory Password Session ID:8A89040F
Tue 18 Aug 2009 11:57:10 Radius response: Authentication Acknowledged User-Name: testuser, Request ID: 31 Session ID: 8A89040F
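The following added example (not One Identity code) groups log lines by Session ID so that every event for an affected user ID can be pulled out along with the final RADIUS outcome. The first four sample lines are the ones shown above; the second session, the user ID `user2`, and the assumption that a rejected response carries the same Request ID and Session ID trailer as an acknowledged one are constructed for illustration.

```python
import re

# Lines 1-4 are the page's own sample; lines 5-7 are constructed, and the
# trailer on the "Rejected" line is an assumption about the log format.
SAMPLE_LOG = """\
Tue 18 Aug 2009 11:57:10 Radius Request from 192.168.10.106:2951 Request ID: 31
Tue 18 Aug 2009 11:57:10 Radius request: Access-Request for testuser from 192.100.10.106:2951 through NAS:WebMail Request ID: 31 Session ID: 8A89040F
Tue 18 Aug 2009 11:57:10 User testuser authenticated with Active Directory Password Session ID:8A89040F
Tue 18 Aug 2009 11:57:10 Radius response: Authentication Acknowledged User-Name: testuser, Request ID: 31 Session ID: 8A89040F
Tue 18 Aug 2009 11:58:02 Radius Request from 192.168.10.107:3010 Request ID: 32
Tue 18 Aug 2009 11:58:02 Radius request: Access-Request for user2 from 192.168.10.107:3010 through NAS:WebMail Request ID: 32 Session ID: 8A890410
Tue 18 Aug 2009 11:58:03 Radius response: Authentication Rejected User-Name: user2, Request ID: 32 Session ID: 8A890410
"""

LINE = re.compile(r"^(\w{3} \d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) (.*)$")
SESSION = re.compile(r"Session ID:\s*([0-9A-Fa-f]+)")
ACCESS = re.compile(r"Access-Request for (\S+) from (\S+) through NAS:(.+?) Request ID:")
RESPONSE = re.compile(r"Radius response: Authentication (Acknowledged|Rejected)")

def sessions_by_id(log_text):
    """Group log lines by Session ID; record user ID, client, NAS and outcome."""
    sessions = {}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        sid = SESSION.search(raw)
        if not line or not sid:
            continue  # e.g. the initial "Radius Request from" line has no Session ID
        s = sessions.setdefault(sid.group(1).upper(), {
            "user": None, "client": None, "nas": None, "outcome": "no response logged", "events": []})
        s["events"].append((line.group(1), line.group(2)))
        if (m := ACCESS.search(raw)):
            s["user"], s["client"], s["nas"] = m.groups()
        if (m := RESPONSE.search(raw)):
            s["outcome"] = m.group(1)
    return sessions

def sessions_for_user(log_text, user_id):
    """Return only the sessions whose Access-Request names the given user ID."""
    return {sid: s for sid, s in sessions_by_id(log_text).items() if s["user"] == user_id}

if __name__ == "__main__":
    for sid, s in sessions_by_id(SAMPLE_LOG).items():
        print(sid, s["user"], s["client"], s["nas"], s["outcome"], len(s["events"]))
```

A session whose outcome stays at "no response logged" has an Access-Request but no matching RADIUS response in the collected file.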
| Message | Meaning | Recommended actions |
|---|---|---|
| | Incorrect token response. | |
| | User’s account is locked in Defender. | Use the Defender Administration Console to reset violation count for the user. |
| | Incorrect Active Directory password. | Verify the correct password is being entered. |
| | Session timed out while waiting for user response. | Verify connectivity between the client and the Defender Security Server on the configured RADIUS port. |
| Radius response: Authentication Rejected User-Name: testuser | This message can be caused by one of the following: | |
| | Active Directory search has failed. This can happen if, for example, the child domain is unavailable. | Verify that the Defender service account has sufficient permissions or is a member of the Domain Administrators group. |
| | The Defender service account does not have sufficient permissions in Active Directory to update the user’s token information. | Verify that the Defender service account has sufficient permissions or is a member of the Domain Administrators group. |
If Step 1: Gather required information and Step 2: Analyze Defender Security Server log have not resolved the issue, further diagnostics may be required, including collecting environmental details and tracing. Contact One Identity Support for advice on how to enable tracing. You will need to provide the version number of the Defender Administration Console and Defender Security Server you are using. Normally, you can find the Defender trace files in the following location: %ProgramData%\One Identity\Diagnostics.