Troubleshooting steps for NTLM-based SSO

Change browser settings to allow single sign-on

Trusted sites are the sites in which NTLM authentication can occur seamlessly. If SSO has failed, then the most probable cause is that ADAudit Plus isn't a part of your browser's trusted sites.

To add the URLs of ADAudit Plus in the trusted sites list, follow the steps given below:

Internet Explorer (IE):

1. Open Internet Explorer, and click on Tools located in the top right-hand corner of the screen. Then go to Internet Options → Security. Under Select a zone to view or change security settings, select Local Intranet → Sites.
2. If you're using any versions lower than IE 11, add the URL of ADAudit Plus to the list of intranet sites.
3. you're using IE 11, click on Advanced, and add the URL of ADAudit Plus to the list of intranet sites.
4. Click Close → OK. Finally, close all browser sessions, and reopen the browser.

Google Chrome

1. Open the Control Panel > Network and Internet > Internet Options. Alternatively, in Chrome, click the Customize and control Google Chrome icon (three horizontal lines on the far right of the address bar).
2. Click Settings, scroll to the bottom, and select Show advanced settings.
3. Under the System section, click Open proxy settings.
4. In the Internet Properties dialog box, go to the Security tab, select Local Intranet, and click Sites.
5. Click Advanced and add the URLs of AdAudit Plus and its components to the list of intranet sites.
6. Click Close, then OK to save the settings.
7. Close all browser sessions and reopen the browser for the changes to take effect.

Mozilla Firefox

1. Open Firefox and type about:config in the address bar.
2. Click I accept the risk in the warning window.
3. In the Search field, enter network.automatic-ntlm-auth.trusted-uris.
4. Double-click the network.automatic-ntlm-auth.trusted-uris preference and enter the URLs of AdAudit Plus and its integrated products. Use a comma to separate multiple URLs.
5. Click OK to save the changes.
6. Close all Firefox sessions and reopen the browser for the changes to take effect.

Check the computer account configuration

Status: Error in Creating Computer Account. This error can be due to any of the reasons listed below:

Invalid domain credentials in ADAudit Plus

The credentials of the user account specified in the domain settings section might have expired. To update the credentials:

• Log in to the ADAudit Plus web console with admin credentials.
• Click on Domain Settings, hover over the relevant domain, click on Modify credentials, and update the username and password.

Domain controllers (DC) are not accessible from ADAudit Plus

ADAudit Plus might not be able reach the specified DCs. To add another DC that ADAudit Plus can access:

• Log in to the ADAudit Plus web console with admin credentials.
• Click Domain Settings, select the relevant domain.
• Click Add Domain Controller, specify the name of the relevant DC, and enter the credentials of the account that ADAudit Plus should use.

Non-conformance to password policy

The password of the automatically created computer accounts for NTLM authentication might not be meeting the domain password policy settings. To create a computer account manually and assign it a password that meets the complexity requirements of the domain policy settings, follow the steps given below:

• Log in to ADAudit Plus web console with admin credentials. Navigate to Admin → Administration → Logon Settings → Single Sign-On. Check the box next to Enable Single Sign-On, and select NTLMv2 Authentication.
• Click on the error message Error in creating a new computer account in the status column next to the domain in which you wish to create a computer account.
• Create a computer account manually by entering a Computer Name and Password.