<div dir="ltr"><div><div>Hi,<br><br>Can you enable debug logging for sso and give me the debug logs when the error occurs.<br><br></div>You can enable debug logging for sso by adding the following to /usr/share/ovirt-engine/services/ovirt-engine/<a href="http://ovirt-engine.xml.in">ovirt-engine.xml.in</a>, just below the entry for bll<br><br> <logger category="org.ovirt.engine.core.sso"><br> <level name="DEBUG"/><br> </logger><br><br></div>Thanks<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 29, 2017 at 3:21 AM, Francesco Romani <span dir="ltr"><<a href="mailto:fromani@redhat.com" target="_blank">fromani@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<p>Hi,<br>
</p><span class="">
<br>
<div class="m_2282015529457287792moz-cite-prefix">On 03/02/2017 12:21 PM, Eduardo Mayoral
wrote:<br>
</div>
<blockquote type="cite">
<p>Hi, <br>
</p>
<p> I am getting exactly the same issue here with 4.1 , when
trying to log in to the serial console over SSH.</p>
<p><br>
</p>
<p>The user with domain is <a class="m_2282015529457287792moz-txt-link-rfc2396E" href="mailto:emayoral_adm@arsyslan.es" target="_blank">"emayoral_adm@arsyslan.es"</a>
(please note mailman may translate the "at" character to a
textual "_at_"). The First name and last name as read from
active directory is "Eduardo Mayoral" (with no quotes)<br>
</p>
<p>The password is: 08.HJYqoce,nrW (OK, this is not the real
password, but it has the same special characters and approximate
structure and length)<br>
</p>
<p>This is the engine.log output.<br>
</p>
<p><tt><font size="-1">2017-03-02 11:13:31,917Z INFO
[org.ovirt.engine.core.bll.<wbr>aaa.LoginOnBehalfCommand]
(default task-25) [5d9b7d18] Running command:
LoginOnBehalfCommand internal: true.<br>
2017-03-02 11:13:31,938Z ERROR
[org.ovirt.engine.core.sso.<wbr>utils.SsoUtils] (default task-33)
[] OAuthException server_error: java.text.ParseException:
Invalid character ' ' encountered.<br>
2017-03-02 11:13:31,939Z ERROR
[org.ovirt.engine.core.bll.<wbr>aaa.LoginOnBehalfCommand]
(default task-25) [5d9b7d18] Unable to create engine
session: EngineException: user <a class="m_2282015529457287792moz-txt-link-abbreviated" href="mailto:emayoral_adm@arsyslan.es" target="_blank">emayoral_adm@arsyslan.es</a>
in domain 'arsyslan.es-authz (Failed with error
PRINCIPAL_NOT_FOUND and code 5200)<br>
2017-03-02 11:13:31,945Z ERROR
[org.ovirt.engine.core.dal.<wbr>dbbroker.auditloghandling.<wbr>AuditLogDirector]
(default task-25) [5d9b7d18] EVENT_ID:
USER_LOGIN_ON_BEHALF_FAILED(1,<wbr>402), Correlation ID:
5d9b7d18, Call Stack: null, Custom Event ID: -1, Message:
Failed to execute login on behalf - for user <a class="m_2282015529457287792moz-txt-link-abbreviated" href="mailto:emayoral_adm@arsyslan.es" target="_blank">emayoral_adm@arsyslan.es</a>.<br>
2017-03-02 11:13:31,945Z ERROR
[org.ovirt.engine.core.<wbr>services.<wbr>VMConsoleProxyServlet]
(default task-25) [5d9b7d18] Error processing request: :
java.lang.RuntimeException: Unable to create session using
LoginOnBehalf<br>
</font></tt></p>
</blockquote>
<br></span>
This smells like one engine internal bug. Please make sure to file
one bugzilla entry.<br>
<br>
Bests,<span class="HOEnZb"><font color="#888888"><br>
<br>
<pre class="m_2282015529457287792moz-signature" cols="72">--
Francesco Romani
Senior SW Eng., Virtualization R&D
Red Hat
IRC: fromani github: @fromanirh</pre>
</font></span></div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>