Forum Discussion
APM Kerberos Authentication - Logon agent instance is not available to be scheduled
Hi,
I have an APM policy that receives user credentials and authenticates them with Kerberos authentication.
After receiving the payload, the APM says (on var/log/apm) "AD module: Logon agent instance is not available to be scheduled", followed by "Auth Failed" and a "Deny" ending. I have tested the Active Directory AAA server (Fetch Groups) and it appears to be OK. The max logon attempts is set to 5.
Any suggestions?
- Kevin_Stewart
Employee
Can you elaborate on your configuration? That error is usually a benign warning message and happens when some part of an AD auth/query fails.
- Moshiko_Kochva
Nimbostratus
Update: after adding a Debug logging policy on the relevant APM policy, I found that the password for the Active Directory user account that I tried to authenticate has expired. It's too bad that the APM doesn't log that in the default logging policy.
AD agent: Auth (logon attempt:0): Domain password has been expired and must be changed for 'User@Domain.com'
After resetting the user password the authentication succeeded.
Thanks Kevin.