Authentication Failed after User Entered Correct Password – TEKLYNX CENTRAL Problem Article

Summary

This article explains why, in one very specific situation, Web Printing user authentication fails when the user has to enter the password manually, and provides a workaround.

Symptoms

When the system is set to have the user enter the password for Windows Authentication and the user enters a correct AD password, the user still gets the UMSS Error ‘Invalid user name or password’.

Explanation

How Windows Authentication (by Default) Works

When the TEKLYNX CENTRAL system is set to use Windows Authentication with the default configuration (without prompting the user to enter a password), it checks the UMSS database for a matching User ID. If the User ID is found, it then grants the user access to the Web Printing Interface.

What Changes When ‘Windows Authentication Password Prompt’ Option is Selected

When the Windows Authentication password prompt option is selected, the system takes the password that the user entered and sends it to AD for verification. If AD returns any error, the system treats it as a failed authentication and presents the user with the error message ‘UMSS Error. Invalid user name or password’.

Why It Fails

The ‘UMSS Error. Invalid user name or password.’ error message appears because the user attempting to log in does not have enough rights in Active Directory on the server that is hosting TEKLYNX CENTRAL.

When we looked deeper into the situation, we found that Active Directory is sending TEKLYNX CENTRAL error message #1385 (The user has not been granted the requested logon type at this computer). The error indicates that the user cannot log in to the server because he/she has not been granted the proper permissions on the server (this has nothing to do with access to TEKLYNX CENTRAL). However, the authentication that TC performs was meant to check the validity of the user account/password for TC, NOT general Windows access to the server itself.

Solution

In the current state (TC v4.6), the user credentials entered must provide sufficient permissions on the server in Active Directory. The workaround is to add the user or user group to those allowed to log in locally on the TC server. This is not desirable as it can prove to be a security risk.

TEKLYNX is considering making changes to the authentication mechanism to only check against relevant errors, not all, from AD.
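
A sketch of the error-aware check described above, as an added example that is not TEKLYNX code: it puts the "any error fails" behaviour next to a check that denies only on errors relevant to the credentials or the account. It assumes the password is verified with an interactive Win32 LogonUser call (the article does not say which API TC uses) and that error 1385 is only returned after the password has been verified; all function names are hypothetical.

```python
# Win32 error codes (winerror.h) that a logon attempt can return.
ERROR_LOGON_FAILURE = 1326            # unknown user name or bad password
ERROR_ACCOUNT_RESTRICTION = 1327
ERROR_PASSWORD_EXPIRED = 1330
ERROR_ACCOUNT_DISABLED = 1331
ERROR_LOGON_TYPE_NOT_GRANTED = 1385   # the error described in this article
ERROR_ACCOUNT_LOCKED_OUT = 1909
ACCOUNT_STATE = {ERROR_ACCOUNT_RESTRICTION, ERROR_PASSWORD_EXPIRED,
                 ERROR_ACCOUNT_DISABLED, ERROR_ACCOUNT_LOCKED_OUT}

def logon_error(user, domain, password):
    """Windows only: attempt a logon, return the Win32 error (0 = success)."""
    import ctypes
    from ctypes import wintypes
    advapi32 = ctypes.WinDLL("advapi32", use_last_error=True)
    token = wintypes.HANDLE()
    # 2 = LOGON32_LOGON_INTERACTIVE, 0 = LOGON32_PROVIDER_DEFAULT
    if advapi32.LogonUserW(user, domain, password, 2, 0, ctypes.byref(token)):
        ctypes.WinDLL("kernel32").CloseHandle(token)
        return 0
    return ctypes.get_last_error()

def any_error_fails(err):
    """Behaviour the article describes for TC v4.5/v4.6."""
    return err == 0

def error_aware(err):
    """Return (allow, reason); only errors relevant to the credentials deny."""
    if err == 0:
        return True, "credentials verified"
    if err == ERROR_LOGON_TYPE_NOT_GRANTED:
        # Assumption: only returned once the password has been verified.
        return True, "credentials verified; no logon right on this server"
    if err == ERROR_LOGON_FAILURE:
        return False, "invalid user name or password"
    if err in ACCOUNT_STATE:
        return False, "account restricted, expired, disabled or locked out"
    return False, f"unexpected logon error {err}"  # unknown codes fail closed

# Constructed sample outcomes: (user, Win32 error of the logon attempt).
SAMPLES = [("alice", 0), ("bob", 1385), ("carol", 1326), ("dave", 1331)]

def changed_decisions(samples):
    """Users rejected today who the error-aware check would admit."""
    return [u for u, err in samples
            if not any_error_fails(err) and error_aware(err)[0]]

if __name__ == "__main__":
    print(changed_decisions(SAMPLES))
```

Disabled, locked-out and expired accounts stay denied under the error-aware check, and so does any error code it does not recognise.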

Additional Comments

Issue Found: TEKLYNX CENTRAL v4.5 and v4.6 running on Windows 2012 R2

Updated on October 18, 2017
