We have set up a separate Domino server to route traffic for HCL Verse and webmail to our internal Domino server. This has worked fine for two months, but suddenly we are not able to enroll new users into TOTP. Existing users already enrolled can log in.
Has anyone else experienced this and has some possible solutions for it? We have not changed server settings or design since it worked.
Hello @Jens, what error are you getting while enrolling new users? Have you checked the console logs after enabling TOTP debug?
notes.ini settings for TOTP: To help troubleshoot TOTP problems, use these settings to enable debug logging in console.log.
DEBUG_TOTP=2
DEBUG_IDV_TOTP_TRANS=1
DEBUG_IDV_TRUSTCERT=1
Error: 08/13/2024 20:30:14 ID for 'CN=Xxxx Xxxx Xxxx =HQ/O=Xxxx' could not be authenticated in vault 'O=ID_Vault' on server 'CN=Xxxxxx/O=Xxxxx'. 'Xxxxx/Xxxxx' made request. Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.) on remote server
But we have ensured that passwords are correct and identical.
The reason for this error is the use of different passwords for HTTP access and the Notes ID which is not authenticating in ID vault.
Try to reset the password in the vault for an affected user and then try to set up the TOTP.
Hi Sandeep.
We have tried that and it doesn't help.
If it was working before and not now, then check if the time on the Domino servers matches.
Also, what is the error message it shows when trying to set up TOTP?
Thank you.
Regards
Shrikant J
I will check time. Thanks
System time is synced. That is not the issue. We would assume that would also affect enrolled users, but they are still able to log on. It is only new users that can't enroll.
Based on the below error message shown in the console log: "Error: Wrong Password. (Passwords are case sensitive - be sure to use correct upper and lower case.) on remote server."
Can you try resetting the password in the vault for one of the affected users and then try to set up the TOTP?
If still an issue, then gather the debug logs and open a support case.
Also share what it shows in the browser while setting up TOTP.
Thank you.
Regards
Shrikant J
We have tried that. We have a support case on it but also wanted to hear if others in the forum had similar experiences. Thank you Shrikant.
Hello @Jens
Are the new user IDs available in the ID vault database?
Can you please try resetting the TOTP items and password of one of the users from the ID vault and check again?
Regards,
Chaitanya Y
Hi.
That worked. Strange that it only happens to specific users and only to unenrolled users.
Is there an explanation why this happens?
Best regards
Jens
Hello,
I'm glad to hear that by resetting TOTP it worked.
There may be several possibilities for the cause of the issue; a few common causes are as follows.
There is a possibility that the respective user's document in the ID vault might already have TOTP information in the user ID doc in the vault database. By resetting TOTP it got cleared so that the user can set up TOTP.
Also, another possibility is the error message displayed as wrong password in the log for the user's ID vault password.
You have informed that new users are unable to enroll for TOTP. Is it OK to understand that new users means newly registered users?
If it's newly registered users, how long did the users wait to log in and set up after registering their user accounts in Domino?
Note: The reason for asking the above queries is that the ID vault database view index might not have been updated between the time the users registered and the time they tried to enroll for TOTP.
To determine the exact cause, it needs to be investigated with debug logs and by reviewing the problematic user ID document in the vault, etc.
Regards,
Chaitanya Y
Hello Jens
For investigation of the cause, please add the debug parameters and reproduce the scenario so the required data can be collected.
Please raise a ticket with HCL support for investigation of the cause.
DEBUG_TOTP=2
DEBUG_IDV_TOTP_TRANS=1
DEBUG_IDV_TRUSTCERT=1
Regards
Nishant Shendre
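To see which users the vault is rejecting (the thread notes it only hit specific, unenrolled users), the "Wrong Password" console line quoted earlier can be grouped by user name. This is an added example, not part of any forum post and not HCL code; the regex is modelled on that single quoted line, and the sample log lines and all names in them are constructed.

```python
import re
from datetime import datetime

# Pattern modelled on the one console.log line quoted in this thread. Assumption:
# MM/DD/YYYY timestamps and English message text; adjust for other locales.
VAULT_AUTH_FAIL = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s+ID for '(?P<user>[^']+)' "
    r"could not be authenticated in vault '(?P<vault>[^']+)' "
    r"on server '(?P<server>[^']+)'\.\s+'(?P<requester>[^']+)' made request\.\s+"
    r"Error: (?P<error>[^.(]+)"
)

# Constructed sample lines (placeholder names, not taken from a real server).
_FAIL = ("{ts} ID for '{user}' could not be authenticated in vault 'O=ExampleVault' "
         "on server 'CN=Mail01/O=Example'. 'Proxy01/Example' made request. "
         "Error: Wrong Password. (Passwords are case sensitive - be sure to use "
         "correct upper and lower case.) on remote server")
SAMPLE_LOG = [
    _FAIL.format(ts="08/13/2024 20:30:14", user="CN=Test User One/O=Example"),
    "08/13/2024 20:31:02 HTTP Server: Started",
    _FAIL.format(ts="08/13/2024 20:45:00", user="CN=Test User One/O=Example"),
    _FAIL.format(ts="08/13/2024 21:00:00", user="CN=Test User Two/O=Example"),
]

def summarize_vault_failures(lines):
    """Group ID vault authentication failures by user name."""
    summary = {}
    for line in lines:
        m = VAULT_AUTH_FAIL.search(line)
        if m is None:
            continue  # not a vault authentication failure
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S")
        entry = summary.setdefault(m["user"], {
            "count": 0, "first": ts, "last": ts,
            "requesters": set(), "errors": set()})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
        entry["requesters"].add(m["requester"])  # server that asked the vault
        entry["errors"].add(m["error"].strip())
    return summary

if __name__ == "__main__":
    # Most-rejected users first: candidates for a vault password / TOTP reset.
    report = summarize_vault_failures(SAMPLE_LOG)
    for user, e in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{e['count']:3d}  {user}  {e['first']} .. {e['last']}  "
              f"via {sorted(e['requesters'])}  {sorted(e['errors'])}")
```

To run it against a real server, pass the lines of console.log instead of `SAMPLE_LOG`.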