Connecting to servers

Problem Symptoms and solution
Cannot connect to server

Symptoms:

  • User cannot log in.
  • Events log entry: Authentication failed: Invalid username kowalski or password.
 

Solution:

  • Verify that user definition exists in Wheel Fudo PAM database.
  • Make the login credentials are correct.
  • Make sure that the client software does not have outdated credentials stored.
   
  Symptoms: events log entry: Unable to establish connection to server zbigniew (10.0.35.53:3399).
  Cause: incorrect server configuration.
 

Solution:

  • Verify that the server in question is properly configured (IP address, port number).
  • Check if the server is reachable from Wheel Fudo PAM:
  1. Log in to Wheel Fudo PAM administration panel.
  1. Select Settings > System, Diagnostics tab.
  1. Enter server address in the Ping section and execute command and test host’s availability.
  • Check if the server is reachable on given port number:
  1. Log in to Wheel Fudo PAM administration panel.
  1. Select Settings > System, Diagnostics tab.
  1. Enter server address along with the port number in the Netcat section and execute command.
Problem Symptoms and solution
When logging in not all of the users see the Wheel Fudo PAM logon screen.

Cause:

  • Credentials stored in RDP client result in users being automatically logged in to remote host.
  • Credentials stored in RDP client, user is successfully authenticated against credentials stored so the Wheel Fudo PAM logon screen is not displayed. Next, Wheel Fudo PAM forwards user credentials to target server but they are no longer valid which results in Windows gina being displayed.
 

Symptoms:

  • Client software message: Connection closed by remote host.
  • Events log entry: Failed to authenticate against the server as user root using password.
  Cause: incorrect login credentials.
  Solution: provide correct login credentials in server configuration.
   
 

Symptoms:

  • RDP client message: Connection refused.
  • SSH client message: ssh: connect to host 10.0.1.111 port 10011: Connection refused
  Cause: server has been blocked.
  Solution: log in to Wheel Fudo PAM administration panel and unblock the server.
   
Problem Symptoms and solution
Connection is terminated

Symptoms:

  • User tries to log in to server monitored by Wheel Fudo PAM, after entering username and password session is immediately terminated.
  • Events log entry: TLS certificate verification failed.
  Solution:
  Download new target host certificate in the Target host section.
  host_certificate
 

Symptoms:

  • After entering username and password the connection is terminated.
  • Events log entry: RDP connection error.
  Solution: check if in the General tab in TCP-Rdp properties, the Encryption level option is not set to FIPS Compliant.
   
Cannot connect to server

Symptoms:

  • Cannot log in to server with error message User user0 not allowed to connect to server.
  • Events log entry: Authentication failed: User user0 not allowed to connect to server.
  Cause: user is not assigned to proper connection.
  Solution: add user to appropriate connection object.
Problem Symptoms and solution
 

Symptoms:

  • After entering username and password, the screen freezes.
  • Events log entry Terminating session: User user0 (id=848388532111147010) is blocked.
  Cause: user is blocked.
  Solution: log in to Wheel Fudo PAM administration panel and unblock the user in question.
   
User has to provide login credentials twice Symptoms: user connecting over RDP protocol enters login credentials and immediately afterwards is asked again for the same login information.
  Cause: server is a part of an infrastructure managed by connections broker which has detected an active user’s session on another server.
   
  Symptoms: user connecting over SSH protocol enters login credentials and immediately afterwards is asked again for login information.
  Cause: in connection object options for login and password substitution are enabled but the input fields are left blank which results in two fold authentication - first time against Wheel Fudo PAM and second time against the target host.
   
Cannot connect to server over RDP protocol

Symptoms:

  • User connecting over RDP is disconnected a moment after establishing connection.
  • Events log entry: RDP server 10.0.0.:33890 has to listen on the default RDP port in order to redirect sessions.
  Cause: connection is redirected to a host which does not listen on port number 3389.
  Solution: configure server in question so it accepts user connections on port number 3389.
   
 

Symptoms:

  • Events log entry: User user0 has no access to host 192.168.0.1:3389
  Cause: connections broker determines an existing user session on another server and redirects user to that host but it is not configured on Wheel Fudo PAM or the user does not have sufficient access rights to connect to given server.
 

Solution:

  • Make sure that the server object exists.
  • Add user to proper connection object.