Support Forums

Problems with passw...
 
Notifications
Clear all

Problems with password change for users


AD IT Dept
Posts: 18
Topic starter
(@ad-it-dept)
Active Member
Joined: 2 years ago

Good day,

we have started pilot run for CloudPanel in our AD, and the issue is following:

user changes password, it is written into xml file and on scheduled sync CloudPanel fails to parse this xml file.

with following error message:

| ERROR | CloudPanel.SyncService.Tasks.ProcessADPasswordChanges| Task: Active Directory Password Changes, Type: Error, Message: Error reading file C:\Program Files\Know More IT\Sync Service\db\username.xml: System.Xml.XmlException: ',' is an unexpected token. The expected token is ';'. Line 3, position 33.

XML file Password line contains symbol "<" that breaks the import process:

<ADPasswordChange>
<Username>username</Username>
<Password>|Mn8&gt;&amp;lt;n+&_Ro,<o(<n+&</Password>
<Retry>0</Retry>
<LastMessage>none</LastMessage>
</ADPasswordChange>

CloudPanel VERSION: 3.2.330.0

Topic Tags
24 Replies
Jacob Dixon
Posts: 1247
Admin
(@jdixon)
Illustrious Member
Joined: 7 years ago

Can you please try CloudPanel 3.2.0335 and let me know if it continues? We have made improvements in the latest version. You would need to upgrade CloudPanel and ADSync on all the domain controllers that you have this deployed to.

Reply
1 Reply
AD IT Dept
(@ad-it-dept)
Joined: 2 years ago

Active Member
Posts: 18

@jdixon

Unfortunately it did not helped with update routine.

Still getting user passwords not synced with error message:

[2021-06-21 1522,564] | ERROR | CloudPanel.SyncService.Tasks.ProcessADPasswordChanges| Task: Active Directory Password Changes, Type: Error, Message: Error reading file C:\Program Files\Know More IT\Sync Service\db\dmamontovs.xml: System.Xml.XmlException: Name cannot begin with the '~' character, hexadecimal value 0x7E. Line 3, position 20.

and the xml file has password data, that cannot be correctly processed ("<" symbol breaks the logic):

<Password>jmTP&lt;<~1Z33l</Password>

Reply
AD IT Dept
Posts: 18
Topic starter
(@ad-it-dept)
Active Member
Joined: 2 years ago

@jdixon

It appears to be one big issue with users changing their passwords in AD.

it looks like ~25% of users geting this problem  on password changed in AD not uploaded to CloudPanel due to incorrect symbols in xml file.

Is there any permanent fix to this issue?

Reply
1 Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

@ad-it-dept Do you have an example password we could try? We did find issues as you pointed out and implemented a fix but it would be helpful if we had a test password to try and make sure 100%. I can send you the update file after you respond. Thank you!

Reply
AD IT Dept
Posts: 18
Topic starter
(@ad-it-dept)
Active Member
Joined: 2 years ago

have tried with following password and failed:

***************

Reply
8 Replies
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

@ad-it-dept Thank you. I will run that through our encryption methods and see the output.

Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

We are finishing up some changes we made to CloudPanel in order to deploy the new ADSync service that will resolve this issue. We are hoping to finish testing by EOD Tuesday and release on Wednedsay.

Reply
AD IT Dept
(@ad-it-dept)
Joined: 2 years ago

Active Member
Posts: 18

@jdixon good day, any good news?

Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

@ad-it-dept yes. Sorry we were not thinking about being off Monday for the holiday so the release is a day later than planned (today). I will post here when it it out this afternoon

Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

Here is the download: https://compsysar.sharefile.com/d-sc281d978d3b140b297497cf88a9562f4
Just so you know, we are still troubleshooting the password filter not registering on Server 2012 servers.

Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

We have released version 3.2.0340: https://knowmoreit.com/release/

Reply
AD IT Dept
(@ad-it-dept)
Joined: 2 years ago

Active Member
Posts: 18

@jdixon, than you,

do we need to update Cloud Panel and AD Sync on DC, or AD Sync will do the magic?

Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

@ad-it-dept We did make some changes in CloudPanel to support multiple company codes in ADSync, so I would update it as well. We also updated some documentation: https://kb.knowmoreit.com/docs/cloudpanel-adsync/

Reply
rferrigno
Posts: 7
(@rferrigno)
Active Member
Joined: 5 years ago

@jdixon I am having the same issue where some users are not syncing and I am seeing an Error reading file in the logs. I am currently on 3.2.335. Would the upgrade help me or is this something we should look into first?

 

Reply
10 Replies
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

@rferrigno The new update will resolve issues with invalid characters in the XML file which causes it not to be able to read the XML file in order to reset passwords. It should resolve your issue but you need to update CloudPanel and the ADSync on each domain controller it is deployed.

Reply
rferrigno
(@rferrigno)
Joined: 5 years ago

Active Member
Posts: 7

@jdixon I upgraded them last night but I still see the errors in the logs. Should we try to reset those passwords again and do we need to delete the db xml files first?

Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

@rferrigno It won't be able to read those previous XML files since they contain invalid characters. Only the new ones will start to function properly going forward. Let me know if you run into any issues or get more error messages

Reply
rferrigno
(@rferrigno)
Joined: 5 years ago

Active Member
Posts: 7

@jdixon thank you. So should I just reset the password to clear those xmls and overwrite them or or should I delete those xml files first?

Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

@rferrigno I'd just go ahead and just delete them but a password reset will overwrite the files anyway. So both accomplish the same result. It is up to you! 🙂

Reply
rferrigno
(@rferrigno)
Joined: 5 years ago

Active Member
Posts: 7

@jdixon Different error this time.

 

[2021-07-28 1251,806] | ERROR | GetADSyncSettings | Error retrieving the ADSync settings: System.Exception: Unable to access ADSync settings from CloudPanel: [NotAcceptable]
at CloudPanel.SyncService.Helpers.ServiceManager.GetADSyncSettings()
[2021-07-28 1251,812] | ERROR | CloudPanel.SyncService.Tasks.GetCPUsers| Erroring retrieving a list of users from CloudPanel: Unable to access ADSync settings from CloudPanel: [NotAcceptable]
[

Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

@rferrigno You did upgrade Cloudpanel first right? Also can you check the registry under HKLM\Software\Know More IT\Sync Service and make sure the values are correct? Sometimes if you do a "repair" (not saying you did) it can revert the DWORD values to STRING values which cause a problem:

https://kb.knowmoreit.com/docs/cloudpanel-adsync/customize-time-frames/

Reply
rferrigno
(@rferrigno)
Joined: 5 years ago

Active Member
Posts: 7

@jdixon I did upgrade the cloudpanel first. The values in the registry do look good. I verified with the knowledge base. I'm stumped.

Reply
Jacob Dixon
Admin
(@jdixon)
Joined: 7 years ago

Illustrious Member
Posts: 1247

@rferrigno Can you email me at jdixon@knowmoreit.com and let me connect to look?

Reply
rferrigno
(@rferrigno)
Joined: 5 years ago

Active Member
Posts: 7
Share:
X