[pubcookie-users] User Authentication Failed! Please contact ntadmin

[Hongjun Wang]

Nathan,

The problem is resolved. It turns out that we had a DNS discrepancy cross our multiple DNS servers on campus. The same DNS entry on different DNS servers are pointing to two different boxes. We did a DNS cleanup, shut off the old server then pubcookie works like a charm. 

I appreciate your time and inputs. I do learned a lot from this issue. 

Happy New Year!

Hongjun
========

-----Original Message-----
From: Nathan Dors [mailto:dors at washington.edu] 
Sent: Wednesday, December 31, 2008 8:58 AM
To: Hongjun Wang
Cc: pubcookie-users at u.washington.edu
Subject: RE: [pubcookie-users] User Authentication Failed! Please contact ntadmin

In the modern era of pubcookie (version 3.0 and higher), the software 
hasn't depended on machine IP address. Switching DNS for your domain name 
is a common way to migrate to new systems. Should've worked, so hopefully 
one of those other options fixes it.

-Nathan


On Tue, 30 Dec 2008, Hongjun Wang wrote:


> Nathan,

>

> Thank you for your prompt response. Sorry for getting you back late.

>

> I had tried solution #1 with no luck. Will try the other two ASAP.

>

> A potential cause might be due to the way we setup the pubcookie. We did not submit a new request to register our new VM server for using pubcookie. Instead we did a DNS switch to let the URL (domain name actually) pointing to our new box. If pubcookie is machine dependent, that's probably where goes wrong. We are working with ITS on this issue. I will keep you posted.

>

> Hongjun

> ========

>

> -----Original Message-----

> From: Nathan Dors [mailto:dors at washington.edu]

> Sent: Tuesday, December 23, 2008 7:29 PM

> To: Hongjun Wang

> Cc: pubcookie-users at u.washington.edu

> Subject: Re: [pubcookie-users] User Authentication Failed! Please contact ntadmin

>

> There are a few suggestions here, so we'd be interested in hearing back

> whether any of them fix the problem in your case.

>

> First, if this is IIS 6.0, the default idle timeout can cause session

> cookie errors. This is a known problem mentioned here:

>

> http://pubcookie.org/docs/install-filter-3.3.html#problems

>

> Next, you might try using an on-disk session key pair, rather than the

> default which is to generate a key pair dynamically whenever the filter is

> initialized or reinitialized. There are some specifics on generating the

> files in the documentation on clustering systems, which requires an

> on-disk key pair:

>

> http://pubcookie.org/docs/install-filter-3.3.html#clusters

>

> Last, you might try using DES encryption instead of AES, by setting the

> Encryption Method directive for your web site using the IIS Manager. There

> have been cases where changing the algorithm to DES has fixed problems

> with session cookies.

>

> Also, remember to start a fresh browser when re-testing these fixes.

> Restarting the browser will ensure existing session cookies are removed.

>

> -Nathan

>

> On Tue, 23 Dec 2008, Hongjun Wang wrote:

>

>> I found an old thread on this issue but no solid answer for fixing. Here

>> is what I am fighting with: The installation of Pubcookie on my server

>> was successful and worked great on my office/home machines. Today, I had

>> an internal user in another building called me up and complained she

>> could not login. She can login to myUW just fine but she got the "User

>> Authentication Failed" error message when she access our application. I

>> was able to reproduce the same error from her location. In the Event log

>> I found three errors/warnings related to pubcookie:

>>

>>

>> 1.     libpbc_rd_safe: couldn't verify signature for emedicine.uwmedicine.org OpenSSL error: error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus

>>

>> 2.       Can't unbundle Session cookie for URL: xxx.xxx.xx

>>

>> 3.     libpbc_unbundle_cookie: libpbc_rd_priv() failed

>>

>> Please help!

>>

>> Thanks

>>

>> Hongjun Wang

>> Web Computing Specialist

>> Dept of Orthopaedics & Sports Medicine

>>

> _______________________________________________

> pubcookie-users mailing list

> pubcookie-users at u.washington.edu

> http://mailman2.u.washington.edu/mailman/listinfo/pubcookie-users

>