Hi Team,
We are on Octopus 2019.12.0, which is currently integrated with AD Group “Old” (Fully qualified name - old.foobargrp.net). Users log in to Octopus with their AD group credentials. The Octopus Server and Tentacle services are running with a service account of this group - Old/FooBar-svc-account.
We are migrating to AD Group “New” (Fully qualified name - new.foobargrp.net), during which old users will co-exist in both domains whereas new joiners are onboarding directly to the new AD Group. Eventually all will be moved to the new group. I am told that a two-way trust exists between these domains - so theoretically this should work out of the box.
However, currently old users use Octopus by logging in from the old domain, whereas new joiners cannot, as Octopus throws an exception when they try to log in from the new domain.
Logs from inside Octopus Web UI > Configuration > Diagnostics:
Principal ‘jaintaj@old.foobargrp.net’ (Domain: ‘’) could not be logged on via WIN32: 0x00000775. System.ComponentModel.Win32Exception (0x80004005): The referenced account is currently locked out and may not be logged on to
September 21st 2021 15:27:01 Error
Unhandled error on request: http://fuid-octopus.old.foobargrp.net:8086/api/users/login 8474d1f371fc4f1e9ffc26f7d6f22c4d by : There is no such object on the server.
System.DirectoryServices.AccountManagement.PrincipalOperationException: There is no such object on the server.
---> System.DirectoryServices.DirectoryServicesCOMException: There is no such object on the server.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
--- End of inner exception stack trace ---
at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable1 identityType, String identityValue, DateTime refDate)
at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, String identityValue)
at System.DirectoryServices.AccountManagement.UserPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
at Octopus.Server.Extensibility.Authentication.DirectoryServices.DirectoryServices.DirectoryServicesService.ValidateCredentials(String username, String password, CancellationToken cancellationToken)
at Octopus.Server.Extensibility.Authentication.DirectoryServices.DirectoryServices.DirectoryServicesCredentialValidator.ValidateCredentials(String username, String password, CancellationToken cancellationToken)
at Octopus.Server.Web.Api.Actions.Users.UserLoginAction.Execute() in C:\buildAgent\work\abb2fbfce959a439\source\Octopus.Server\Web\Api\Actions\Users\UserLoginAction.cs:line 44
at Octopus.Server.Web.Infrastructure.Api.CustomResponder1.ExecuteRegistered() in C:\buildAgent\work\abb2fbfce959a439\source\Octopus.Server\Web\Infrastructure\Api\CustomResponder.cs:line 336
at Octopus.Server.Web.Infrastructure.Api.CustomResponder1.Respond(TDescriptor options, NancyContext context) in C:\buildAgent\work\abb2fbfce959a439\source\Octopus.Server\Web\Infrastructure\Api\CustomResponder.cs:line 297
at Octopus.Server.Web.Infrastructure.OctopusNancyModule.<>c__DisplayClass14_0.<get_Routes>b__1(Object o, CancellationToken x) in C:\buildAgent\work\abb2fbfce959a439\source\Octopus.Server\Web\Infrastructure\OctopusNancyModule.cs:line 125
at Nancy.Routing.Route1.d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Nancy.Routing.DefaultRouteInvoker.d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Nancy.Routing.DefaultRequestDispatcher.d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Nancy.NancyEngine.d__22.MoveNext()
How do you suggest we approach this situation and make sure that the transition is seamless from Octopus POV?
Cheers,
Nikhil Agrawal
Devops Lead, UK based Investment Bank