Video Screencast Help

Cannot login with Vontu Administrator

Created: 05 Dec 2012 • Updated: 06 Dec 2012 | 5 comments
This issue has been solved. See solution.


I have misconfigured the Active Directory Authentication as not setting the Default Active Directory Domain, Default Active Directory KDC and Active Directory Domain List in the System > General > Configure page. I have only set the krb5 config file info.

After tha I cannot login to Symantec DLP manager using local Administrator account. It displays "An unexpected error has occurred. Contact your system administrator if this problem persists. " error. When I check the tomcat errors I have found the logs below.

1. Why I cannot login with the Administrator (not an AD account)

2. Can I set manually other info that I have set empty in any config file or database.

05 Dec 2012 15:35:19,736- Thread: 23 INFO [com.vontu.enforce.authentication.kerberos.KerberosAuthenticationService] System property\Windows\krb5.ini
05 Dec 2012 15:35:19,737- Thread: 23 SEVERE [com.vontu.enforce.authentication.kerberos.KerberosAuthenticationService] Default AD Domain not specified
05 Dec 2012 15:35:19,737- Thread: 23 SEVERE [com.vontu.enforce.authentication.AuthenticationServiceFactory] Unable to initialize the EnforceAuthenicationService
java.lang.RuntimeException: Default AD Domain not specified
java.lang.RuntimeException: Default AD Domain not specified
at com.vontu.enforce.authentication.kerberos.KerberosAuthenticationService.<init>(
at com.vontu.enforce.authentication.AuthenticationServiceFactory.getService(
at com.vontu.enforce.authentication.realm.ProtectJAASRealm.createAuthenticationService(
at com.vontu.enforce.authentication.realm.ProtectJAASRealm.getAuthenticationService(
at com.vontu.enforce.authentication.realm.ProtectJAASRealm.authenticate(
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
at org.apache.catalina.core.StandardHostValve.invoke(
at org.apache.catalina.valves.ErrorReportValve.invoke(
at org.apache.catalina.valves.AccessLogValve.invoke(
at org.apache.catalina.core.StandardEngineValve.invoke(
at org.apache.catalina.connector.CoyoteAdapter.service(
at org.apache.coyote.http11.AbstractHttp11Processor.process(
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(
at java.util.concurrent.ThreadPoolExecutor$

Comments 5 CommentsJump to latest comment

pete_4u2002's picture

check article id 42001 and let know if it helps?

gorkemdur's picture

Hi pete_4u2002,

I couldn't find the article; can you please share the link?


gorkemdur's picture

Hi again Pete,

Thank you for the solution. This was the thing I was looking for :) I couldn't find the related table in the database but this points that table name.

Thank you very much.

kishorilal1986's picture

Hi Gorkedur, please referer below and verify the required this what the paramater and config error

Domain user names entered for login must match the user names defined in DLP. When setting up Active Directory authentication you need to make sure that domain user names match what has been created in the Users section of the DLP UI. Also remember that DLP user names are case-sensitive even if Active Directory is not. 
For example, in DLP you can define two apparently identical user names; Jsmith and jsmith. The difference is only in the case of the first letter, but DLP considers them to be unique since the user names are case-sensitive. Both names, if entered, would authenticate against a domain user name jsmith. However, if the DLP user is created as JSMITH and you attempt a login as jsmith you will get a login failure message.
Users must be part of a role in DLP to be able to login
It is not sufficient to create a user in Vontu that matches an existing domain user. The user must also be assigned to a role within Vontu, otherwise you will be unable to login.
 After configuring DLP for Active Directory authentication, restart the Vontu Manager Service.  
gorkemdur's picture

Hi kishorilal,

I guess there is misunderstanding. I tried to configure AD authentication but misconfigured as I have not filled the defautl domain and default KDC in the configuration page. In the login page the dropdown to select domain is not displayed and I try to login with Administrator account which is one of the default users of DLP, not a domain user. Although I use administrator it throsw the "java.lang.RuntimeException: Default AD Domain not specified" exception that I found in the log files.