1 2 Previous Next 17 Replies Latest reply on Feb 13, 2014 3:13 PM by disabled_ntaylor

    Authentication Failed log messages in Server 10

    shearn

      Summary

      Authentication Failed log messages in Server 10

      Description of the issue

      FileMaker Product(s) involvedFileMaker Pro Server 10v2FileMaker Pro 10 (regular or Advanced) Operating System(s) involvedWindows Server 2003Windows XP, Windows7 (for the workstations) Detailed description of the issueWe are using FMS10 on WS2003 with external authentication; have been for years. Just recently I noticed that we've been getting server error 661:Client "Workstation" authentication failed on database "Project_.fp7" using "username [fmapp]".One of our systems is a converted solution that was never consolidated and so has about 30 files. The main hosted file that's opened first does not get the error above but all the files that are opened by that first file do. Not using any opener files, this behaviour is exhibited even if the user manually opens the first file from the Open Remote dialog.The error only happens for Windows users, not Mac users. It's not tied to certain accounts since I can open the file with my login from my mac, get no errors, open the files from a pc I've logged in to and then get the errors.The errors are logged to server's event logs, no errors are apparent to the users; the solution opens fine and quickly (although it is slower to open on Windows than it is on a mac).Found an article in the KB that talks about the authentication order and I've confirmed that all files do not have an "Open with" account set and all internal accounts are set before the EA accounts in the authentication order for all files.If the parent file is opened with Single Sign-on (SS), shouldn't that be passed to the other files it opens via scripts or relationships? Exact steps to reproduce the issueHost a solution with multiple files so that the first file has scripts to open the other files. Host with Server10 on Windows Server 200, open the solution from a Windows pc running FMP10 using external authentication and single sign-on. Expected ResultTo get no error messages in the log. Actual Resultsee Server Warning error 661: Client "Workstation" authentication failed on database "Project_.fp7" using "username [fmapp]" Exact text of any error message(s) that appearedClient "jcovell" authentication failed on database "Project_.fp7" using "jcovell [fmapp]".Client "jcovell" authentication failed on database "Paymnts_.fp7" using "jcovell [fmapp]".Client "jcovell" authentication failed on database "Invoice Sched_.fp7" using "jcovell [fmapp]".etc.. for all files opened after the first one. Any additional configuration information/troubleshooting that is relevant to the issuenoneAny workarounds that you have foundFortunately no error is reported to the user; they are unaware there was a problem as the system opens normally.

        • 1. Re: Authentication Failed log messages in Server 10
          shearn
             I started a thread on this topic in TechTalk (General) on Jan. 6. Other developers report seeing the same problem.
          • 2. Re: Authentication Failed log messages in Server 10
            TSGal

            SteveHearn:

             

            Thank you for your post.

             

            For clarification purposes, are you opening "Project_.fp7" first?  Or, are you opening another file first and "Project_.fp7" is being opened from another file?

             

            Does "Project_.fp7" have any File options?  If so, what are they?

             

            Are you entering the username and password on both machines (I'm double-checking case sensitivity; uppercase and lowercase)?

             

            Do you have any passwords that are empty/blank?

             

            Please send me a private message for the TechNet link.

             

            Any additional information you can provide may be helpful.

             

            TSGal

            FileMaker, Inc. 

            • 3. Re: Authentication Failed log messages in Server 10
              shearn
                

              The primary file that opens everything is Main.fp7; it opens Project and all the others either by script (Open step) or by resolving a relationship.

               

              Project_.fp7 has only opening and closing scripts, no other file options.

               

              Not sure which "both machines" you're referring to. The mac and the pc? In both cases, the account names and passwords are lower case and are entered that way.

               

              None of the files have blank passwords.

              • 4. Re: Authentication Failed log messages in Server 10
                TSGal

                SteveHearn:

                 

                Thank you for the additional information.

                 

                If possible, I would like to get a clone of your files to do some testing here.  I have sent you a private message with instructions where to send the files.

                 

                TSGal

                FileMaker, Inc. 

                • 5. Re: Authentication Failed log messages in Server 10
                  TSGal

                  SteveHearn:

                   

                  Thank you for sending your files.

                   

                  This is embarrassing, as I was told by another Support Technician that this is a known issue and documented in Knowledge Base Article #6785:

                   

                  http://filemaker.custhelp.com/cgi-bin/filemaker.cfg/php/enduser/std_adp.php?p_faqid=6785

                   

                  Please see the note at the end of the article that says this is fixed in FileMaker Server 10, BUT "The failed authentication warning will only get logged if 1) login is not SSO or 2) Setting "Client Auth Method" is set to use both FMPro and External Server accounts", which applies to you.

                    

                  I was not aware of this issue with FileMaker Server 10, and I apologize if I wasted your time.

                   

                  TSGal

                  FileMaker, Inc. 

                  • 6. Re: Authentication Failed log messages in Server 10
                    shearn
                      

                    Odd that I did not find that article when I was searching for anything on error 661. As it stands, I would argue the issue has not been fixed in Server 10 since authentication has not failed when using external authentication. It correctly does not log this error for the first file that's opened, only for subsequent files in the solution. It also correctly does not log the error if a mac client is opening the files.

                     

                    It is a bug in that the conditions for reporting the error are not consistent.

                     

                    Steve

                    • 7. Re: Authentication Failed log messages in Server 10
                      TSGal

                      SteveHearn:

                       

                      My error.  I interpreted your original message as having External Authorization along with FileMaker Pro accounts.  I will try some more testing here.

                       

                      TSGal

                      FileMaker, Inc. 

                      • 8. Re: Authentication Failed log messages in Server 10
                        BenGoldstein
                           Searching this issue on google and ran across this thread. Am running into this as well (using 10v2 server on Windows 2003). Using Active Directory/SSO it doesn't error on the file that is open first but does on the other files (as SteveHearn described).. 
                        • 9. Re: Authentication Failed log messages in Server 10
                          rto

                          Not sure if this thread is still active, but we get this same error on Filemaker Server 11 Advanced running on Windows 2003 Server. Is anyone else puzzled by FM's explanantion, quoted above: ""The failed authentication warning will only get logged if 1) login is  not SSO or 2) Setting "Client Auth Method" is set to use both FMPro and  External Server accounts."

                          Since it says "or" and not "and," it seems to say that the warning will always get logged if login is not SSO, so in our case -- we are not using SSO-- it will always get logged, even though it is false. This means 90% or more of our event log consists of false alarms. Can this be right?

                          I have given up trying to fix it, despite raised eyebrows at a recent IT audit, but does anyone else have a better understanding of FM's explanation?

                          Bob O.

                          • 10. Re: Authentication Failed log messages in Server 10
                            TSGal

                            Bob Oeste:

                            I'm trying to understand how you concluded "even though it is false."  If your login is not single-sign on, then anytime someone attempts an invalid name and password, the failed authentication warning will be logged.  The same would occur with the Cleint Auth Method set to just FMPro.  I'm not sure how this can be explained better.

                            TSGal
                            FileMaker, Inc.

                            • 11. Re: Authentication Failed log messages in Server 10
                              rto

                              Thanks, TSGal. What I am trying to say is that the "Authentication Failed" logs even when a *Valid* user name and password are entered. It logs every time no matter what.

                              • 12. Re: Authentication Failed log messages in Server 10
                                TSGal

                                Bob Oeste:

                                Sorry for the late reply.

                                What you are encountering should not be occurring.  Create a new database file and put access to the file so only you can access it.  Open the file using your password and watch the log file.  For me, this does not occur.  If this log file isn't updated with this new file, then try adding a similar user account and password to the original file, and watch the log file as you access the original file.

                                Do you have any references to other files?  If so, do they have the same user accounts and passwords?  If not, then a failed authorization would be logged.

                                TSGal
                                FileMaker, Inc.

                                • 13. Re: Authentication Failed log messages in Server 10
                                  rto

                                  TSGal,

                                  Thanks, I did as you suggested, created a new file that only I can access, opened it using my password and unfortunately the log file does still log the error:

                                  Client "RTO (jade2) [172.16.1.118]" authentication failed on database "Tester.fp7" using "Admin [fmapp]".

                                  There is no account "Admin" in this file, or rather, I renamed it RTO.

                                  Regarding references to other files I understand and agree that this would correctly generate a log entry.

                                  Bob Oeste

                                  • 14. Re: Authentication Failed log messages in Server 10
                                    TSGal

                                    Bob Oeste:

                                    Something is definitely wrong with FileMaker Server, as it should show the correct user name, and not a name that doesn't exist!  My initial thought is to do the following:

                                    1. From Admin Console, close all database files.

                                    2. Move all database files to the Desktop.

                                    3. Uninstall FileMaker Server.

                                    4. Reinstall FileMaker Server and deploy.

                                    5. Move all database files back to the Databases folder.

                                    6. Launch a browser and enter:   http://localhost:16000

                                    7. Download and launch Admin Console.

                                    8. Open all database files.

                                    From a guest machine, open the new file using the RTO account.  Check the log.

                                    TSGal
                                    FileMaker, Inc.

                                    1 2 Previous Next