Certain User Cannot Login - AD Integrated

Server : Windows Server 2019 | AD Server : Windows Server 2012R2
Openfire Version: 4.7.3
Spark Version : 2.9.4
Pidgin Version : 2.14.10

The Openfire server is integrated with Active Directory. Everything was working fine, and no changes were made.

Issue:
Certain users cannot log in. It says “Username or Password is incorrect” even though the username and password are correct.

Here is the log I collected from Pidgin.
-----Login successful log of another user-----------

(14:42:01) buddyicon: Could not get file info of 
(14:42:01) account: Connecting to account rocky.bist@sparksrv.manjushreefinance.com/.
(14:42:01) connection: Connecting. gc = 077CE770
(14:42:01) dnssrv: querying SRV record for sparksrv.manjushreefinance.com: _xmpp-client._tcp.sparksrv.manjushreefinance.com
(14:42:01) dnssrv: Couldn't look up SRV record. DNS name does not exist. (9003).
(14:42:01) dnsquery: Performing DNS lookup for sparksrv.manjushreefinance.com
(14:42:01) dnsquery: IP resolved for sparksrv.manjushreefinance.com
(14:42:01) proxy: Attempting connection to 192.168.1.13
(14:42:01) proxy: Connecting to sparksrv.manjushreefinance.com:5222 with no proxy
(14:42:01) proxy: Connection in progress
(14:42:01) proxy: Connecting to sparksrv.manjushreefinance.com:5222.
(14:42:01) proxy: Connected to sparksrv.manjushreefinance.com:5222.
(14:42:01) jabber: Sending (rocky.bist@sparksrv.manjushreefinance.com): <?xml version='1.0' ?>
(14:42:01) jabber: Sending (rocky.bist@sparksrv.manjushreefinance.com): <stream:stream to='sparksrv.manjushreefinance.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(14:42:01) jabber: Recv (205): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="sparksrv.manjushreefinance.com" id="9nz0cric1e" xml:lang="en" version="1.0">
(14:42:01) jabber: Recv (473): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="af4Am04OcetDsim6aKIY0YfijI8="/></stream:features>
(14:42:01) jabber: Sending (rocky.bist@sparksrv.manjushreefinance.com): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(14:42:01) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
(14:42:01) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD MAC
Server Auth: 2048-bit RSA, Key Exchange: 256-bit ECDHE, Compression: NULL
Cipher Suite Name: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(14:42:01) nss: subject=CN=sparksrv.manjushreefinance.com issuer=CN=sparksrv.manjushreefinance.com
(14:42:01) certificate/x509/tls_cached: Starting verify for sparksrv.manjushreefinance.com
(14:42:01) certificate/x509/tls_cached: Checking for cached cert...
(14:42:01) certificate/x509/tls_cached: ...Found cached cert
(14:42:01) nss/x509: Loading certificate from C:\Users\abhimanyu.neupane\AppData\Roaming\.purple\certificates\x509\tls_peers\sparksrv.manjushreefinance.com
(14:42:01) certificate/x509/tls_cached: Peer cert matched cached
(14:42:01) nss/x509: Exporting certificate to C:\Users\abhimanyu.neupane\AppData\Roaming\.purple\certificates\x509\tls_peers\sparksrv.manjushreefinance.com
(14:42:01) util: Writing file C:\Users\abhimanyu.neupane\AppData\Roaming\.purple\certificates\x509\tls_peers\sparksrv.manjushreefinance.com
(14:42:01) nss: Trusting CN=sparksrv.manjushreefinance.com
(14:42:01) certificate: Successfully verified certificate for sparksrv.manjushreefinance.com
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com): <stream:stream to='sparksrv.manjushreefinance.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(14:42:01) jabber: Recv (ssl)(617): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="sparksrv.manjushreefinance.com" id="9nz0cric1e" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="af4Am04OcetDsim6aKIY0YfijI8="/></stream:features>
(14:42:01) sasl: Mechs found: PLAIN
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
(14:42:01) jabber: Recv (ssl)(51): <success xmlns="urn:ietf:params:xml:ns:xmpp-sasl"/>
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com): <stream:stream to='sparksrv.manjushreefinance.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(14:42:01) jabber: Recv (ssl)(699): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="sparksrv.manjushreefinance.com" id="9nz0cric1e" xml:lang="en" version="1.0"><stream:features><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"/><session xmlns="urn:ietf:params:xml:ns:xmpp-session"><optional/></session><sm xmlns='urn:xmpp:sm:2'/><sm xmlns='urn:xmpp:sm:3'/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="af4Am04OcetDsim6aKIY0YfijI8="/></stream:features>
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com): <iq type='set' id='purple374f5c99'><bind xmlns='urn:ietf:params:xml:ns:xmpp-bind'/></iq>
(14:42:01) jabber: Recv (ssl)(207): <iq type="result" id="purple374f5c99" to="sparksrv.manjushreefinance.com/9nz0cric1e"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind"><jid>rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e</jid></bind></iq>
(14:42:01) XEP-0198: Enabling stream management
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e): <enable xmlns='urn:xmpp:sm:3'/>
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e): <iq type='set' id='purple374f5c9a'><session xmlns='urn:ietf:params:xml:ns:xmpp-session'/></iq>
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e): <r xmlns='urn:xmpp:sm:3'/>
(14:42:01) jabber: Recv (ssl)(32): <enabled xmlns="urn:xmpp:sm:3"/>
(14:42:01) XEP-0198: Stream management is enabled
(14:42:01) jabber: Recv (ssl)(146): <iq type="result" id="purple374f5c9a" from="rocky.bist@sparksrv.manjushreefinance.com" to="rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e"/>
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e): <iq type='get' id='purple374f5c9b' to='sparksrv.manjushreefinance.com'><query xmlns='http://jabber.org/protocol/disco#items'/></iq>
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e): <r xmlns='urn:xmpp:sm:3'/>
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e): <iq type='get' id='purple374f5c9c' to='sparksrv.manjushreefinance.com'><query xmlns='http://jabber.org/protocol/disco#info'/></iq>
(14:42:01) jabber: Sending (ssl) (rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e): <r xmlns='urn:xmpp:sm:3'/>
(14:42:01) jabber: Recv (ssl)(33): <a xmlns='urn:xmpp:sm:3' h='1' />
(14:42:01) XEP-0198: Acknowledged 1 out of 3 outbound stanzas
(14:42:01) jabber: Recv (ssl)(848): <iq type="result" id="purple374f5c9b" from="sparksrv.manjushreefinance.com" to="rocky.bist@sparksrv.manjushreefinance.com/9nz0cric1e"><query xmlns="http://jabber.org/protocol/disco#items"><item jid="updater.sparksrv.manjushreefinance.com" name="Spark Updater"/><item jid="conference.sparksrv.manjushreefinance.com" name="Public Chatrooms"/><item jid="httpfileupload.sparksrv.manjushreefinance.com" name="sparksrv.manjushreefinance.com"/><item jid="search.sparksrv.manjushreefinance.com" name="User Search"/><item jid="pubsub.sparksrv.manjushreefinance.com" name="Publish-Subscribe service"/><item jid="manager.sparksrv.manjushreefinance.com" name="Client Control Manager"/><item jid="broadcast.sparksrv.manjushreefinance.com" name="Broadcast service"/><item jid="proxy.sparksrv.manjushreefinance.com" name="Socks 5 Bytestreams Proxy"/></query></iq>




—Log of user credential incorrect—

(14:13:05) account: Connecting to account abhimanyu.neupane@sparksrv.manjushreefinance.com/.
(14:13:05) connection: Connecting. gc = 03A927E8
(14:13:05) dnssrv: querying SRV record for sparksrv.manjushreefinance.com: _xmpp-client._tcp.sparksrv.manjushreefinance.com
(14:13:05) dnssrv: Couldn't look up SRV record. DNS name does not exist. (9003).
(14:13:05) dnsquery: Performing DNS lookup for sparksrv.manjushreefinance.com
(14:13:05) dnsquery: IP resolved for sparksrv.manjushreefinance.com
(14:13:05) proxy: Attempting connection to 192.168.1.13
(14:13:05) proxy: Connecting to sparksrv.manjushreefinance.com:5222 with no proxy
(14:13:05) proxy: Connection in progress
(14:13:05) proxy: Connecting to sparksrv.manjushreefinance.com:5222.
(14:13:05) proxy: Connected to sparksrv.manjushreefinance.com:5222.
(14:13:05) jabber: Sending (abhimanyu.neupane@sparksrv.manjushreefinance.com): <?xml version='1.0' ?>
(14:13:05) jabber: Sending (abhimanyu.neupane@sparksrv.manjushreefinance.com): <stream:stream to='sparksrv.manjushreefinance.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(14:13:05) jabber: Recv (205): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="sparksrv.manjushreefinance.com" id="5okwlogglq" xml:lang="en" version="1.0">
(14:13:05) jabber: Recv (473): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="af4Am04OcetDsim6aKIY0YfijI8="/></stream:features>
(14:13:05) jabber: Sending (abhimanyu.neupane@sparksrv.manjushreefinance.com): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(14:13:05) jabber: Recv (50): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
(14:13:05) nss: SSL version 3.3 using 128-bit AES-GCM with 128-bit AEAD MAC
Server Auth: 2048-bit RSA, Key Exchange: 256-bit ECDHE, Compression: NULL
Cipher Suite Name: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(14:13:05) nss: subject=CN=sparksrv.manjushreefinance.com issuer=CN=sparksrv.manjushreefinance.com
(14:13:05) certificate/x509/tls_cached: Starting verify for sparksrv.manjushreefinance.com
(14:13:05) certificate/x509/tls_cached: Checking for cached cert...
(14:13:05) certificate/x509/tls_cached: ...Found cached cert
(14:13:05) nss/x509: Loading certificate from C:\Users\abhimanyu.neupane\AppData\Roaming\.purple\certificates\x509\tls_peers\sparksrv.manjushreefinance.com
(14:13:05) certificate/x509/tls_cached: Peer cert matched cached
(14:13:05) nss/x509: Exporting certificate to C:\Users\abhimanyu.neupane\AppData\Roaming\.purple\certificates\x509\tls_peers\sparksrv.manjushreefinance.com
(14:13:05) util: Writing file C:\Users\abhimanyu.neupane\AppData\Roaming\.purple\certificates\x509\tls_peers\sparksrv.manjushreefinance.com
(14:13:05) nss: Trusting CN=sparksrv.manjushreefinance.com
(14:13:05) certificate: Successfully verified certificate for sparksrv.manjushreefinance.com
(14:13:05) jabber: Sending (ssl) (abhimanyu.neupane@sparksrv.manjushreefinance.com): <stream:stream to='sparksrv.manjushreefinance.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(14:13:05) jabber: Recv (ssl)(617): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="sparksrv.manjushreefinance.com" id="5okwlogglq" xml:lang="en" version="1.0"><stream:features><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><c xmlns="http://jabber.org/protocol/caps" hash="sha-1" node="https://www.igniterealtime.org/projects/openfire/" ver="af4Am04OcetDsim6aKIY0YfijI8="/></stream:features>
(14:13:05) sasl: Mechs found: PLAIN
(14:13:05) jabber: Sending (ssl) (abhimanyu.neupane@sparksrv.manjushreefinance.com): <auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN' xmlns:ga='http://www.google.com/talk/protocol/auth' ga:client-uses-full-bind-result='true'>password removed</auth>
(14:13:05) jabber: Recv (ssl)(77): <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><not-authorized/></failure>
(14:13:05) connection: Connection error on 03A927E8 (reason: 2 description: Incorrect username or password)
(14:13:05) account: Disconnecting account abhimanyu.neupane@sparksrv.manjushreefinance.com/ (03198A40)
(14:13:05) connection: Disconnecting connection 03A927E8
(14:13:05) jabber: Sending (ssl) (abhimanyu.neupane@sparksrv.manjushreefinance.com): </stream:stream>
(14:13:05) connection: Destroying connection 03A927E8
(14:13:06) util: Writing file prefs.xml to directory C:\Users\abhimanyu.neupane\AppData\Roaming\.purple
(14:13:06) util: Writing file C:\Users\abhimanyu.neupane\AppData\Roaming\.purple\prefs.xml
(14:13:10) util: Writing file accounts.xml to directory C:\Users\abhimanyu.neupane\AppData\Roaming\.purple
(14:13:10) util: Writing file C:\Users\abhimanyu.neupane\AppData\Roaming\.purple\accounts.xml
(14:15:34) Gdk: gdkproperty-win32.c:200: OpenClipboard failed: Access is denied.

I don’t know what the issue is. I tried searching but found nothing.

I got the solution. The issue was in the AD account. The user was configured to restrict login to only one workstation, so when I tried to log in on Spark I was getting invalid username or password. I removed the logon workstation restriction and logged in successfully. I also wanted to restrict login on other computers as well as log in on Spark, so I added my DC, Openfire server, and my workstation to the list. In this way I restrict my login on other computers and can still log in to Spark.

I hope it helps. :slight_smile:
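
The check described in the solution above can be scripted. This is an added example, not part of the original post: it reads the AD logon workstation list for one user, or for every restricted user, and reports which required hosts are missing. The host names `OPENFIRE01` and `DC01`, the account name and the function names are placeholders, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example. Host and account names are placeholders, not values from the post.
Import-Module ActiveDirectory

function Test-LogonWorkstationCoverage {
    param(
        [Parameter(Mandatory)] [string]   $Identity,
        [Parameter(Mandatory)] [string[]] $RequiredHosts
    )
    $user = Get-ADUser -Identity $Identity -Properties LogonWorkstations
    # An empty attribute means the user may log on from any computer.
    $allowed = @()
    if ($user.LogonWorkstations) {
        $allowed = @($user.LogonWorkstations -split ',' |
                     ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    $missing = @()
    if ($allowed.Count -gt 0) {
        # -notcontains compares case-insensitively, like AD computer names.
        $missing = @($RequiredHosts | Where-Object { $allowed -notcontains $_ })
    }
    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        Restricted     = ($allowed.Count -gt 0)
        Allowed        = $allowed
        Missing        = $missing
    }
}

function Add-MissingLogonWorkstation {
    param(
        [Parameter(Mandatory)] [string]   $Identity,
        [Parameter(Mandatory)] [string[]] $RequiredHosts
    )
    $r = Test-LogonWorkstationCoverage -Identity $Identity -RequiredHosts $RequiredHosts
    if ($r.Restricted -and $r.Missing.Count -gt 0) {
        # Keep the existing restriction and append only the missing hosts.
        $newList = (@($r.Allowed) + @($r.Missing)) -join ','
        Set-ADUser -Identity $Identity -LogonWorkstations $newList
    }
}

# Hosts the post added to the list: the DC and the Openfire server (placeholder names).
$required = 'OPENFIRE01', 'DC01'

# Every account with a workstation restriction that would block the Openfire bind.
Get-ADUser -LDAPFilter '(userWorkstations=*)' |
    ForEach-Object { Test-LogonWorkstationCoverage -Identity $_.SamAccountName -RequiredHosts $required } |
    Where-Object { $_.Missing.Count -gt 0 } |
    Format-Table SamAccountName, Allowed, Missing
```

Run the sweep first, then call `Add-MissingLogonWorkstation -Identity <user> -RequiredHosts $required` for each account that should keep its restriction but still sign in through Openfire.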