Overview
This article provides the troubleshooting steps for login failure issue using AD credentials.
Traceback
When we try to activate a client or login to web with AD credentials, it will give a general error :Invalid credentials (#10000005f).
You will see the following error message logged atC:\inSyncADConnector\inSyncADConnector.log(where AD connector is installed)every time a user tries to login/activate.
๐ Note
โ[2015-07-23 1524:49,963] [DEBUG] Error <class 'ldap.INVALID_CREDENTIALS'>:{'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 531, v1db1', 'desc': 'Invalid credentials'}. Traceback -Traceback (most recent call last):File "Srv\inSyncADConnectorRPC.pyc", line 72, in connect_adFile "ldap\ldapobject.pyc", line 208, in simple_bind_sFile "ldap\ldapobject.pyc", line 469, in result3File "ldap\ldapobject.pyc", line 476, in result4File "ldap\ldapobject.pyc", line 99, in _ldap_callINVALID_CREDENTIALS: {'info': '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 531, v1db1', 'desc': 'Invalid credentials'}[2015-07-23 15:24:49,963] [ERROR] Error <class 'inSyncLib.inSyncError.SyncError'>:Invalid credentials (#10000005f). Traceback -Traceback (most recent call last):File "inSyncLib\inSyncRPCServer.pyc", line 95, in call_methodFile "inSyncLib\inSyncRPCBase.pyc", line 1057, in call_methodFile "Srv\inSyncADConnectorRPC.pyc", line 81, in connect_adSyncError: Invalid credentials (#10000005f)
Cause
This error message is due to the setting "Allow user to log on to a specified computer" in Active Directory. This setting restricts the user to logon to only a specified computer.
There might be a mismatch in the attribute of AD Mapping and users summary information.
Resolution 1
To resolve this issue go to your Active Directory server. Open the User and Computers snap in. Go to the container where failed user resides.
Right click user and go to properties. Select the Account tab.
Select "Log on to..." and remove computer from "The following computers" section or select All Computers option and click OK.
Try to activate the user/login to inSync web and the authentication should succeed.
Reference Article:
https://support.software.dell.com/kb/sw8359
Resolution 2
We need to ensure AD username field should match the UPN of the user in the AD. The UPN of the user can be found under the "Account" tab in the AD for user properties.