Symptom
When logging in with Active Directory credentials from any web application that uses OpenAccess (for example, Policies, Cardholder Self Service, and so on), the authentication fails and shows error “request timeout” in the web application user interface. Since the OpenAccess service is running under the user account (other than LOCAL SYSTEM) which does not have enough privileges, it is unable to get the handle to the directory services. OpenAccess is still waiting to get the handle and after 30 seconds (the REST protocol’s standard ESB time limit), so the request times out.
Resolution
Run the OpenAccess service with the “LOCAL SYSTEM” account, which is expected to have all required privileges for OpenAccess. If there is any security concern about running the service under “LOCAL SYSTEM” account, the OpenAccess service must run with an Active Directory user account that is a part of the Local Administrator group and has permission to authenticate the Active directory.
Applies To
OnGuard 7.4, 7.4 Update 1, 7.4 Update 2, and 7.5
Additional Information
Copyright © 2024 Carrier. All rights reserved.
