Troubleshooting Authentication Issues
AD
"Authentication failed! Invalid User /Password " error while trying to log in to HySecure VPN
Issue: When you try to log in to HySecure VPN as a user by entering the username and password, you see the following error:
Analysis: The authentication failure may have occurred for any of the following reasons:
- The user entered an incorrect username or password.
- The HySecure Domain that the user selected (by clicking the three dots after filling in the HySecure Server details) was incorrect. This applies when multiple HySecure domains are configured on the VPN gateway.
- The AD configured for the chosen HySecure Domain is not reachable because the admin password was updated on AD but not on HySecure.
Steps to Troubleshoot:
- Select the correct HySecure domain by clicking the three dots after filling in the HySecure Server details.
- Ask the user to re-enter the correct username and password, then check again.
- If all users are facing this problem, do the following:
A. Log in to the HySecure Management console.
B. Go to Authentication Servers and modify the AD server.
C. Click "test connection".
- If the connection fails, make sure that the password you entered is correct.
- If you see the AD bind error, make sure that the Admin Bind, Bind DN and the admin password you entered are correct.
RADIUS
Logins are failing when a RADIUS server is used as the authentication server
Issue: HySecure is configured with an authentication server that uses RADIUS for communication. Users are facing issues while logging in from the client.
Analysis: To isolate the problem area, first make sure that the RADIUS server is configured correctly and works in isolation. This tells us whether the problem lies in HySecure's communication with the RADIUS server or in the RADIUS server configuration itself. The admin can use the NTRadPing test utility to check that the RADIUS server is configured correctly and can authenticate a user successfully, with or without 2FA, as supported by the RADIUS server.
Steps to Troubleshoot:
- Download the NTRadPing tool.
- Unzip and open the client.
- Fill in the values for your environment, such as server IP, port, and shared secret.
- Enter the username and password of your test user and hit send to start the test.
- In the response, check whether the state value is returned. If it is present, that attribute must be declared in the next packet sent.
- To test 2FA, the password must also be changed to the 2FA input, such as an OTP or PIN.
- If all goes well, access is granted for the state that was declared, in answer to the 2FA OTP.
- If the request fails, identify the possible reason.
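The packets behind the steps above, as an added example that is not part of the original page and is not HySecure or NTRadPing code: it builds an Access-Request per RFC 2865, checks the reply's authenticator (a mismatch usually means a wrong shared secret), reads the State attribute from an Access-Challenge, and builds the follow-up request that carries the OTP as the password with State echoed back. All function names are hypothetical, and `constructed_challenge` fabricates a sample server reply so the code runs offline.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11      # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, STATE = 1, 2, 24    # RFC 2865 attribute types

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def hide_password(password, secret, authenticator):
    """User-Password hiding (RFC 2865 section 5.2): XOR 16-byte blocks with an MD5 chain."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_request(ident, user, password, secret, state=None):
    authenticator = os.urandom(16)            # fresh Request Authenticator per packet
    attrs = attr(USER_NAME, user)
    attrs += attr(USER_PASSWORD, hide_password(password, secret, authenticator))
    if state is not None:                     # 2FA follow-up: echo State unchanged
        attrs += attr(STATE, state)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_response(packet, request, secret):
    """Return (code, {attr_type: value}); reject replies failing the authenticator check."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet) or ident != request[1]:
        raise ValueError("length or identifier mismatch")
    packet = packet[:length]                  # bytes beyond Length are padding
    expected = hashlib.md5(packet[:4] + request[4:20] + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad response authenticator (shared secret mismatch?)")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.setdefault(packet[pos], packet[pos + 2:pos + packet[pos + 1]])
        pos += packet[pos + 1]
    return code, attrs

def constructed_challenge(request, secret, state):
    """Constructed sample reply standing in for a real RADIUS server (assumption)."""
    body = attr(STATE, state)
    head = struct.pack("!BBH", ACCESS_CHALLENGE, request[1], 20 + len(body))
    return head + hashlib.md5(head + request[4:20] + body + secret).digest() + body
```

Against a live server, send `build_request(...)` over UDP to the configured port and pass the datagram you receive to `parse_response`; a `ValueError` about the authenticator points at the shared secret rather than the user's credentials.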