Network users may not be able to login to the Streaming Console and may receive a false message indicating their username or password was entered incorrectly when in fact no error has been made inputting the user's credentials when the User Data Source (UDS) is configured to use the Active Directory Services Interface (ADSI) instead of the legacy LDAP connector; ADSI is the default setting for new installations, upgrades will use the existing LDAP connector.
In addition to the error message depicted above, you can enabling debug logging on the Streamlet Engine by editing the
2014-10-09 15:36:20,252 DEBUG [http--172.27.16.182-9832-5] authenticateConsoleUser| [USER_SERVICE] authenticateUser username: username
2014-10-09 15:36:20,283 DEBUG [http--172.27.16.182-9832-5] authenticateConsoleUser| [USER_SERVICE] AdsiUserManagement.searchUsers count 1
2014-10-09 15:36:21,299 DEBUG [http--172.27.16.182-9832-5] authenticateConsoleUser| [USER_SERVICE] DBUserManagement getUser name [email protected]
2014-10-09 15:36:21,315 ERROR [http--172.27.16.182-9832-5] authenticateConsoleUser| java.lang.NullPointerException
2014-10-09 15:36:21,315 DEBUG [http--172.27.16.182-9832-5] authenticateConsoleUser|
java.lang.NullPointerException
at org.apache.torque.util.SqlExpression.processInValue(SqlExpression.java:662)
at org.apache.torque.util.SqlExpression.buildIn(SqlExpression.java:631)
at org.apache.torque.util.SqlExpression.build(SqlExpression.java:307)
at org.apache.torque.util.Criteria$Criterion.appendTo(Criteria.java:3436)
at org.apache.torque.util.Criteria$Criterion.toString(Criteria.java:3582)
at org.apache.torque.util.BasePeer$3.process(BasePeer.java:733)
at org.apache.torque.util.SQLBuilder.processCriterions(SQLBuilder.java:432)
at org.apache.torque.util.SQLBuilder.buildQueryClause(SQLBuilder.java:299)
at org.apache.torque.util.BasePeer.createQuery(BasePeer.java:730)
at org.apache.torque.util.BasePeer.doSelect(BasePeer.java:779)
at com.appstream.dbimpl.sql.om.BaseAsConsoleUserPeer.doSelectVillageRecords(BaseAsConsoleUserPeer.java:387)
at com.appstream.dbimpl.sql.om.BaseAsConsoleUserPeer.doSelect(BaseAsConsoleUserPeer.java:339)
at com.appstream.dbimpl.sql.om.AsConsoleUser.mergePermissions(AsConsoleUser.java:232)
at com.appstream.dbimpl.DAImpl.retrieveConsoleUser(DAImpl.java:4053)
at com.appstream.dbimpl.DAImpl.authenticateConsoleUser(DAImpl.java:3990)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.appstream.db.util.ClassUtilities.invoke(ClassUtilities.java:80)
at com.appstream.db.remote.DbMsg.invoke(DbMsg.java:226)
at com.appstream.dbimpl.DAMgr.handleMsg(DAMgr.java:259)
at com.appstream.db.remote.AbstractManager.doService(AbstractManager.java:120)
at com.appstream.db.remote.DAServlet.doPost(DAServlet.java:100)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)
at java.lang.Thread.run(Thread.java:744)
The service account configured in the UDS that is used to access the directory service may not have sufficient privileges to read a group in the user's group membership list; this resulted in a searchGroupsInt call returning an empty array. The calling Java function didn't expect this as it constructed its SQL statement. We now return a NULL in ADSI's
This defect is targeted to be fixed in 7.5 SP1 HF3; upgrading to this version will resolve the problem.
There are a couple of workarounds in the meantime:
Workaround 1
Workaround 2
Applies To
Symantec Workspace Streaming (SWS) 7.5.0.493 (GA) through SWS 7.5.0.770 (SP1 HF2) with the User Data Source (UDS) configured to use Active Directory Services Interface (ADSI).