-
Bug
-
Resolution: Won't Fix
-
Major
-
None
-
Windows 2003 Server + Tomcat
Our Tomcat Process runs as an Active Directory User so we can access the AD via Jenkins. Now i locked this User on another machine by using a wrong password, and after i try to login to jenkins (authentication via ad) i get the following exception. Would be great to give the user a "human error message"
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
com4j.ComException: 80040e37 (Unknown error) : Table does not exist. : .\invoke.cpp:460
com4j.Wrapper.invoke(Wrapper.java:122)
$Proxy28.execute(Unknown Source)
hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.getDnOfUserOrGroup(ActiveDirectoryAuthenticationProvider.java:117)
hudson.plugins.active_directory.ActiveDirectoryAuthenticationProvider.retrieveUser(ActiveDirectoryAuthenticationProvider.java:73)
org.acegisecurity.providers.dao.AbstractUserDetailsAuthenticationProvider.authenticate(AbstractUserDetailsAuthenticationProvider.java:119)
org.acegisecurity.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
org.acegisecurity.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:45)
org.acegisecurity.ui.webapp.AuthenticationProcessingFilter.attemptAuthentication(AuthenticationProcessingFilter.java:71)
org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:252)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:173)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:66)
hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
root cause
com4j.ComException: 80040e37 (Unknown error) : Table does not exist. : .\invoke.cpp:460
com4j.Native.invoke(Native Method)
com4j.StandardComMethod.invoke(StandardComMethod.java:95)
com4j.Wrapper$InvocationThunk.call(Wrapper.java:258)
com4j.Task.invoke(Task.java:44)
com4j.ComThread.run0(ComThread.java:149)
com4j.ComThread.run(ComThread.java:125)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.26 logs.
[JENKINS-10688] Exception when AD User is locked
FireFart
added a comment - Normaly you get that error from AD or LDAP when the LDAP Path is not found.
Do you know which AD-Property needs to be accessed from this codeline so i can search manually in our Active Directory Domain?
FireFart
added a comment - Normaly you get that error from AD or LDAP when the LDAP Path is not found.
Do you know which AD-Property needs to be accessed from this codeline so i can search manually in our Active Directory Domain? Determining if an account is locked out is a little tricky, but this technique always worked for me:
http://dunnry.com/blog/CommentView,guid,4bce7d12-11c7-4ca5-b0cd-7f46ad2844de.aspx
We get this exact error (com4j.ComException: 80040e37 (Unknown error) : Table does not exist. : .\invoke.cpp:460), and our AD administrators looked pretty hard to figure it out. In the end, I don't think we ever really knew what was happening, and I don't really have much AD knowledge, so I don't fully understand their explanation. It was something to do with our AD setup having two servers (??), and windows itself would know that if one was unavailable, to fail over to the other one, but perhaps Jenkins is somehow caching the failed one. We have an alert that monitors Jenkins' logs to look for that exact error message, and if it comes up, we reboot the whole server, which fixes it every time. This error really only seems to happen when our Jenkins' server is rebooted in the first place (twice weekly per corporate policy), and the timing on when servers come up is out of our admins hands, so perhaps there is a timing issue with the AD servers and Jenkins server coming up simultaneously.
Jacob Robertson
added a comment - - edited We get this exact error (com4j.ComException: 80040e37 (Unknown error) : Table does not exist. : .\invoke.cpp:460), and our AD administrators looked pretty hard to figure it out. In the end, I don't think we ever really knew what was happening, and I don't really have much AD knowledge, so I don't fully understand their explanation. It was something to do with our AD setup having two servers (??), and windows itself would know that if one was unavailable, to fail over to the other one, but perhaps Jenkins is somehow caching the failed one. We have an alert that monitors Jenkins' logs to look for that exact error message, and if it comes up, we reboot the whole server, which fixes it every time. This error really only seems to happen when our Jenkins' server is rebooted in the first place (twice weekly per corporate policy), and the timing on when servers come up is out of our admins hands, so perhaps there is a timing issue with the AD servers and Jenkins server coming up simultaneously. As I commented in JENKINS-13894, this error code is used for multiple reasons, and I don't think Jenkins can really improve the error diagnostics here without further confusing users.
So until someone comes up with the solution, I'm marking this issue as closed.
The problem is that I don't really know if this problem only happens when the user is locked. Do you know?