Troubleshoot Kerberos Server Integration Errors

Failed Logins

If a user cannot log into Bomgar using valid credentials, please check that at least one of the following sets of criteria is met.

  1. The user has been expressly added to an existing group policy.
  2. A default group policy has been set for the security provider configuration created to access the server against which the user is authenticating.
  3. The user is a member of a group that has been expressly added to an existing group policy, and both of the following conditions are met.
    1. Both the user provider and group provider have been individually configured.
    2. Group lookup has been enabled on the user provider via the If Authentication Succeeds dropdown, available upon edit.

Error 6ca and Slow Logins

  1. A 6ca error is a default response signifying that the Bomgar Appliance has not heard back from the DNS server. It may occur when attempting to log into the representative console.
  2. If users are experiencing extremely slow logins or are receiving the 6ca error, verify that DNS is configured in your /appliance interface.

Troubleshooting Individual Providers

When configuring an authentication method tied to group lookup, it is important to configure first the user provider, then the group provider, and finally the group policy memberships. When troubleshooting, you will want to work in reverse.

  1. Verify that the group policy is looking up valid data for a given provider and that you do not have any @@@ characters in the Group Policy Members field.
  2. Next, if a group provider is configured, verify that its connection settings are valid and that its Group Search Base is in the proper format.
  3. If you want to use group lookup, verify that the user provider is set to look up group memberships of authenticated users.
  4. To test the user provider, set a default policy and see if your users are able to log in.
  5. If users are not able to log in, check that either the provider is first in priority or that providers with higher priority are passing failed login requests to this user provider.