Single Sign On Issue

Hey guys,

I turned on SSO on one of my projects after upgrading to 7.7 and it was working great until we discovered an issue.

When a client is active and the computer is locked (e.g. pressing CTRL-ALT-DELETE and selecting Lock This Computer) after a while the client freaks out and continuously sends login requests to the domain controller. In response, the domain controller locks that account out. I turned off SSO and now that problem seems to have gone away so it points to something with how the SSO part works. FYI!

We have a lot of different computers/operating systems/java version combinations here so I wasn’t able to narrow it down to any specifics but for the most part we are using Java 6 and Windows 7. Ignition version is 7.7.1 RC1.

About how long is “a while”? is the client computer going to sleep or no?

It’s hard to say how long a while is, every time I tried to simulate it I couldn’t get it to happen but when I would go to a computer that was doing it, it was locked. They were all desktops and our default Windows settings are not to sleep, but hybrid sleep is turned on (I’m not sure what that is…). The computers don’t sleep so our IT department can push down updates at night.

Hey Carl,

I had another incident yesterday that caused some issues but it didn’t seem to be related to SSO because that was turned off. I’m not sure it’s 100% related but it caused the same symptoms.

Yesterday around 2:48 PM our network connection to our cloud servers went down for about 15 minutes. Obviously all of the clients lost connections to both primary and backup servers. Once the connection came back up everything looked fine but it was determined a few hours later that some of the clients were spamming the domain servers with login requests (I say clients but really it wasn’t the clients).

The weird thing was that our IT department shut down the PC’s causing the issue and the login requests continued. Our IT department made the decision to shut down the primary Ignition server and restart. The login requests continued but were now coming from the backup server. The issue was not fixed until the backup server was also restarted. Maybe this was a redundancy problem? I was not here when IT did the restarts so I could not get a thread dump or anything but I will include the logs from both servers. I don’t know how helpful they will be. The servers were restarted around 5:30 PM.

logs primary.bin.gz (837 KB)
logs backup.bin.gz (504 KB)

Your gateways are in the cloud or your AD servers are in the cloud? or both?

Our gateways are in the cloud. One of our AD servers is in the cloud and the other is local to our plant (it hasn’t been moved to the cloud yet).

The primary connection is the local AD server and the failover is the server in the cloud.