Authorization Failed

Cannot Log In to Console

When a user launches the Console they may get the following error message: 

Authorization Failed: ControlUp Server was unable to validate the group membership of your user account. Please make sure that the security group configured for ControlUp access in Active Directory is in place or contact support@controlup.com for further assistance. 

 

First, check the troubleshooting steps in the article: Your Windows user is not authorized to use ControlUp (On-Premises Login Issue)

If you have checked all these steps and you're still unable to log in to the Console, check the User Management log located on the ControlUp On-Premises server in the following location: 

"C:\Program Files\Smart-X\ControlUp Server\WebApps\UserManagementService\7_WS\UserManagementService.log"

Check the errors at the bottom of the log. If you see the group listed: 'ControlUp_PrivateCloudMembers' then the issue is that your service account is unable to read the contents of the file: "C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.xml" 

To resolve, make certain that your ControlUp service account has Read & Execute permissions to the ControlUpServerSetting.xml that defines the ControlUp User group, then perform an IISRESET. 

On-Premises Login Issue

The Issue:

You cannot login to ControlUp Real Time Console in an On-Premises mode
environment. The message you receive is - "Authorization Failed"

The Solution:

It appeared that the password for the two service accounts that needed to run the ControlUp services were expired. So, AD was not letting them to run the services. 
You can verify if this is indeed the case, if you try to restart the ControlUp services and they do not start back - 

  1. ControlUp Incidents
  2. ControlUp-LDS or ADAM_ControlUp-LDS

To receive more details about the failure, you can look at the login log which is located on the On-Premises server in C:\Program Files\Smart-X\ControlUp Server\Websites\UserManagementService\7_WS\user management.log 

If the following errors appear in the user management log:
ERROR|Error in BaseResponse. |UserManagement.Exceptions.UserManagementException: Failed to bind to organization permissions group 'AD Group Name'It means the issue could be with the AD group you assigned as the group for users who can login to ControlUp Console:

  • The AD group and SID needs to match in the server settings file, located here - "C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.xml"
  • The group needs to be a Security Global group.
  • Application Pools - Verify all application pools are running and do IISReset on the On-Premise server.
  • In 7.1 & 7.2 it could be a license issue (IOP Allowed - Yes/No).

How do I get the SID? click here (external link) for additional information.

 

1-on-1 Demo
Schedule now
Price Quote
Get it now
Need a Script?
Get it here
Powered by Zendesk