User information is not recognized
astular opened this issue · 3 comments
Hi!
Since yesterday I am experiencing this error when I try to open the Access Manager homepage:
Access denied
Your request could not be processed as your user information is not recognized
What does this error message mean? The message is probably not related to authorizations, since the message is there even before I enter the computer name.
Our authentication provider is set to "Integrated windows authentication".
Kind regards,
Anze
It must be related to the recent updates:
https://support.microsoft.com/en-gb/topic/kb5011233-protections-in-cve-2022-21920-may-block-ntlm-authentication-if-kerberos-authentication-is-not-successful-dd415f99-a30c-4664-ba37-83d33fb071f4
I will have to make sure that SPN is properly registered for the group managed service account.
Yep, that's sounds like the known issue.
See our KB article on this
https://docs.lithnet.io/ams/help-and-support/support-articles/kb000005
OK, I managed to resolve the problems by first adding the correct SPN for our group managed service accounts:
setspn.exe -S http/access.ourdomain.com ourdomain\GMSCAccount$
I then had to change the Authentication settings: I have changed the authentication scheme from Negotiate to NTLM.
Now things are working.
Regarding the november updates and out-of-band fix: the out-of-band update no longer applies if you patched your DCs with december updates. They must have included these fixes in the december updates.
Thanks!