AACC - CCMA webadmin login failure

Hi!

This tread is quite old, but i hope somebody found the solution for this problem.

I have the same issue on new installation, 6.2 with SP6 + newest patch (what is available on support.avaya.com page). The error what i get, when im trying to log into CCMA is: "You have entered an invalid User Name/Password combination. If you have forgotten the password, please contact your administrator. "

The installation was successful.
CCMA is in domain.
I've logged into server utility, but still cant log in to CCMA.
Symposium WC service is running.
The Security options are set up like:
User Account Control: Use Admin Approval Mode for the built-in Administrator account = Disabled (DEFAULT)
User Account Control: Run all administrators in Admin Approval Mode = Disabled
I have all priviligies to folder: C:\ProgramData\microsoft\crypto\RSA\MachineKeys

Do you have any further suggestion?

My guess would be that a domain policy has been applied that is impacting one or more of the files, there are many files that it could be... i would try removing it from the domain and then testing, or have the IT department exclude the server from the Group Policy. Group Policy causes many issues with CCMA

Hi

have you found a solution to your login problem. We have the same issue!!

Regards Dieter

AACC - CCMA webadmin login failure

Hi All, New installation of AACC 6.3 SP11 on virtual customer server (co-resident environment) with CS1K AML. We have the same issue with webadmin login and with iceAdmin password change. The server in domain.
We checked the encryption of webadmin password - all ok.

Do you have any further suggestion?

CCMA webadmin login failure

We are installing AACC 6.4 version to get the in a co-resident installation environment.
Some errors appear during install CCMA ADAM, regarding (I guess) AD-LDS, but installation completes and reports success.

When go attempt to login to the CCMA using the default 'webadmin' user and password, we ge the login page error description saying 'You have entered an invalid Username/password combination'.

Is there any logs we could check or settings we could verify so that we can login to the CCMA? Any help is much appriciated.

Thanks,
David

This thread has good solutions and items to look at on your server. There have been to major items that I've seen:

Machine Keys
Security Policies

One of these items is probably the culprit.

The short answer is that there is a configuration on the server which is preventing you from logging in. If you have the security policy setting "run all administrators in admin approval mode" and you have an issue logging into CCMA then most likely there is a domain policy setting which has changed from default; iceAdmin is common one that gets removed from the policies. It is really hard to say which one will effect your installation. The best way is to compare policies from an installation of AACC where no policies are being set. I would ask the customer to remove the policies from the server so you can then test the CCMA login. If it works then you can examine the policies closer to see which one is restricing the login.

You can view the policies set by the domain by running gpresult -h <filename>.html

I have done enough installations of AACC that I am confident the installation of AACC is solid. An issue like your're indicating is server configuration related and not something with the installation itself. (assuming your're using the same password as entered into the installer.)

Just an example:
Below is a defualt setup of the User Rights Assignments. You can see where iceAdmin is called specifically. A lot of times iceAdmin is removed from the policy and replaced by the group Administrators which is OK since iceAdmin is an administrator. There are times where a customer will change a policy that doesn't include iceAdmin and this will cause issues with CCMA.

Policy Security Setting
Access Credential Manager as a trusted caller
Access this computer from the network Everyone,Administrators,Users,Backup Operators
Act as part of the operating system
Add workstations to domain
Adjust memory quotas for a process LOCAL SERVICE,NETWORK SERVICE,Administrators,Classic .NET AppPool,DefaultAppPool
Allow log on locally Administrators,Users,Backup Operators
Allow log on through Remote Desktop Services Administrators,Remote Desktop Users
Back up files and directories Administrators,Backup Operators
Bypass traverse checking Everyone,LOCAL SERVICE,NETWORK SERVICE,Administrators,Users,Backup Operators
Change the system time LOCAL SERVICE,Administrators
Change the time zone LOCAL SERVICE,Administrators
Create a pagefile Administrators
Create a token object
Create global objects LOCAL SERVICE,NETWORK SERVICE,Administrators,SERVICE
Create permanent shared objects
Create symbolic links Administrators
Debug programs Administrators
Deny access to this computer from the network
Deny log on as a batch job
Deny log on as a service
Deny log on locally
Deny log on through Remote Desktop Services
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system Administrators
Generate security audits LOCAL SERVICE,NETWORK SERVICE,Classic .NET AppPool,DefaultAppPool
Impersonate a client after authentication LOCAL SERVICE,NETWORK SERVICE,Administrators,IIS_IUSRS,SERVICE
Increase a process working set Users
Increase scheduling priority Administrators
Load and unload device drivers Administrators
Lock pages in memory
Log on as a batch job iceAdmin,Administrators,Backup Operators,Performance Log Users,IIS_IUSRS
Log on as a service IUSR,iceAdmin,NT SERVICE\ALL SERVICES,DefaultAppPool
Manage auditing and security log Administrators
Modify an object label
Modify firmware environment values Administrators
Perform volume maintenance tasks Administrators
Profile single process Administrators
Profile system performance Administrators,NT SERVICE\WdiServiceHost
Remove computer from docking station Administrators
Replace a process level token LOCAL SERVICE,NETWORK SERVICE,Classic .NET AppPool,DefaultAppPool
Restore files and directories Administrators,Backup Operators
Shut down the system Administrators,Backup Operators
Synchronize directory service data
Take ownership of files or other objects Administrators

the problem still there..

Thank you stphnwd, for your response..

Taking your advises into account, i have been collecting my policies.

Comparing the default policies you posted and mine, all are the same but "Log on as a service", because IUSR was not in the group. I added but problem still exist when i try to log on to CCMA.

I have run the gpresult command. I attached the result: Do you see something wrong? THANKS A LOT!

just for help. I try install AACC6.4 in workgroup, changing the policies related on passwords and the installations finish OK with no errors.

Maybe later i can add the server to domain, but not necesary in my case because was just for lab enviroment.

Regards