Open with table of contents
PMM Troubleshooting
Problems with specific users logging in:
Users must log in to the PMM Portal using one of the following formats:
- Windows logon - company\pmmUser1
- Email account - pmmUser1@company.com
- Principal user name - pmmUser1@company.bar.com
When logging in to the Portal, an LDAP query is performed on the Domain Controller joined by the Gateway, as specified on the PMM Authentication Settings page. The query retrieves a list of all the email addresses associated with the Portal user. To retrieve the correct addresses, the query searches for the attribute userPrincipalName with one of the following values:
user@windows_login_domain.*
user@long_domain_name - The full mail domain name of the user.
For example, if a PMM User has a windows login of company\pmmUser1 and the mail domain name specified is companybar.com, PMM would be able to locate the user in the relevant Domain Controller if the userPrincipalName attribute is either of:
- pmmUser@company.com - matched by user@windows_login_domain
- pmmUser@company.bar.com - matched by user@windows_login_domain
- pmmUser@companybar.com - matched by user@long_domain_name
If this attribute is incorrectly configured, the user will be unable to login. You should check the userPrincipalName as follows:
- On the Domain Controller, open Active Directory Users and Computers.
- Open the Properties of the user who is unable to login.
- Select the Account tab.
- Ensure the user part of User logon name is set to the user specified by the user at Portal logon.
- Ensure the domain part of the User logon name is set to the domain or mail domain specified by the user at Portal logon.
| |
- The PMM End User Operations log contains further information about user logon failures.
- If users are locked out when attempting to log in to the Portal using their Principal User Name, they should retry using either their windows account name or full email address.
|
Enabling Single Sign-On (SSO) to the PMM Portal:
If a user opens the Portal via the digest link and their web browser is not configured to trust sending windows login credentials directly to the Portal Web Server, they will be prompted for their windows credentials. The solution depends on whether you are using Internet Explorer, Chrome or Firefox as your default browser.
Internet Explorer or Chrome
Add the HTTPS and HTTP variants of the Portal address (portal-host-name) to the Intranet Sites list:
- In Internet Explorer 8, select Tools > Internet Options > Security > Local Intranet > Sites > Advanced and enter HTTPS / HTTP://portal-host-name
- In Chrome, select Wrench > Options > Proxy Settings > Security > Local Intranet > Sites > Advanced > and enter HTTPS / HTTP://portal-host-name
Firefox
Automatic NTLM Authentication is not supported in Firefox. You must add the HTTPS and HTTP variants of the Portal address (portal-host-name) to the Filter list:
- Open Firefox and type about:config in the address bar. Press Enter.
- In the Filter field type network.automatic-ntlm-auth.trusted-uris. Press Enter and double-click the list item.
- Enter HTTPS / HTTP://portal-host-name. A comma separated list can be used.
| |
The portal-host-name must be the fully qualified name rather than the short name. |
Accessing the PMM Portal using Chrome:
When using Chrome, you may not be able to access the PMM portal with an IP address if going through a proxy using NTLM authentication.
