Problem with Octopus AD authentication

Setting up a new install of Octopus Deploy 3.8.5. It was installed in the normal user authentication mode then converted to AD authentication mode. Normal forms-based authentication works fine, and Domain authentication seems to work - with a known-bad password you have to re-enter credentials. With a known-good password, however, it redirects you to this URL and returns a 400 internal server error instead of a web page:
https://XXXocto/integrated-challenge?redirectTo=/app#/users/sign-out

Nothing is recorded in Windows application logs or Octopus logs to indicate either success or failure of the login attempt.

The PowerShell test script at this URL works fine:

More output and diagnostic info below.

Sanitized configuration output below:

Environment Information:
OperatingSystem: Microsoft Windows NT 6.2.9200.0
OsBitVersion: x64
Is64BitProcess: True
CurrentUser: AD1\xxxxxxx
MachineName: XXXOCTO
ProcessorCount: 2
CurrentDirectory: c:\Program Files\Octopus Deploy\Octopus
TempDirectory: C:\Users\xxxxxxx\AppData\Local\Temp
HostProcessName: Octopus.Server

<?xml version="1.0" encoding="utf-8"?> False Sign in with your Azure AD account name /api/users/authenticatedToken/AzureAD form_post code+id_token roles openid%20profile%20email 10943 https://www.googleapis.com/oauth2/v1/certs False https://accounts.google.com Sign in with your Google Apps account name /api/users/authenticatedToken/GoogleApps form_post code+id_token openid%20profile%20email C:\Octopus 20 Data Source=osisql-ag1;Initial Catalog=OctopusDeploy;Integrated Security=True XXXOCTO 0 true false False DC=xxxx,DC=net True True True IntegratedWindowsAuthentication False True False http://localhost/,https://localhost/ False

If I run Octopus.Server.exe checkservices I get the output below (sanitized):

Environment Information:
OperatingSystem: Microsoft Windows NT 6.2.9200.0
OsBitVersion: x64
Is64BitProcess: True
CurrentUser: AD1\xxxxxxx
MachineName: XXXOCTO
ProcessorCount: 2
CurrentDirectory: c:\Program Files\Octopus Deploy\Octopus
TempDirectory: C:\Users\xxxxxxx\AppData\Local\Temp
HostProcessName: Octopus.Server

Error: Object reference not set to an instance of an object.

Full error details are available in the log files.
At: C:\Users\xxxxxxx\AppData\Local\Octopus\Logs

Object reference not set to an instance of an object.
System.NullReferenceException
at Octopus.Shared.Startup.CheckServicesCommand.Start() in CheckServicesCommand.cs:line 34
at Octopus.Shared.Startup.AbstractCommand.Octopus.Shared.Startup.ICommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions, String displayName, String version, String informationalVersion, String[] environmentInformation, String instanceName) in AbstractCommand.cs:line 77
at Octopus.Shared.Startup.OctopusProgram.Start(ICommandRuntime commandRuntime) in OctopusProgram.cs:line 214
at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown) in ConsoleHost.cs:line 77
at Octopus.Shared.Startup.OctopusProgram.Run() in OctopusProgram.cs:line 104

Hi Kevin,

Thanks for getting in touch. We had another report that sounded very similar to this last week, but have not been able to determine the exact cause as yet. Could I get you to check a couple of things to help us troubleshoot?

The other report indicated the issue was only happening for them with IE11 (users with Chrome and Firefox could log in without issue). Do you know if this is the same in your scenario?

Would you also be able to try changing the AuthenticationScheme from IntegratedWindowsAuthentication to Ntlm? (there are potential issues with IE11 due to Kerberos tokens on some networks)

Regards
Shannon

It does look like IE11 is an issue. I was able to successfully log in using Firefox; I hadn’t tested other web browsers since enabling Integrated Windows Authentication.

I’m not able to find in the documentation how to revert to NTLM authentication. What is the command line switch for that?

Thanks,

Kevin Halgren

Infrastructure Services Manager

Hi Kevin,

Apologies, I should have included that command in my previous message. What you’ll need is:

Octopus.Server configure --instance=yourInstance --webAuthenticationScheme=Ntlm

If your installation is using the Default instance then you can omit the instance parameter.

We’ve also had another report that indicated use of some special characters in passwords was causing an issue in IE. This is outside of the scope of anything we can prevent, but if you find that it works for some users and not others it might be worth checking whether they are using special characters in their password.

Regards
Shannon
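
An added example, not part of the thread and not Octopus Deploy code: a small diagnostic for the Kerberos-versus-NTLM distinction behind the suggested switch to Ntlm. It classifies the token a browser sent in its Authorization header (copied from a proxy or browser trace) and lists the schemes a server challenge offers; the function names and sample header values are constructed for illustration.

```python
import base64

# Added diagnostic sketch. All sample values below are constructed.
NTLMSSP = b"NTLMSSP\x00"                            # signature of every NTLM message
KRB5_OID = bytes.fromhex("2a864886f712010202")      # 1.2.840.113554.1.2.2 (Kerberos 5)
MS_KRB5_OID = bytes.fromhex("2a864882f712010202")   # 1.2.840.48018.1.2.2 (legacy MS Kerberos)


def offered_schemes(www_authenticate_values):
    """Schemes offered by the server's 401 challenge, in the order sent."""
    return [v.strip().split(" ", 1)[0].lower()
            for v in www_authenticate_values if v.strip()]


def classify_authorization(header_value):
    """Return (scheme, mechanism, token_length) for an Authorization header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    scheme = scheme.lower()
    if scheme not in ("negotiate", "ntlm"):
        return scheme, "not-windows-auth", 0
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:                  # binascii.Error is a ValueError subclass
        return scheme, "invalid-base64", 0
    if token.startswith(NTLMSSP):
        mech = "ntlm"                   # raw NTLM, even under "Negotiate"
    elif NTLMSSP in token:
        mech = "ntlm-in-spnego"         # NTLM message wrapped in SPNEGO
    elif KRB5_OID in token or MS_KRB5_OID in token:
        mech = "kerberos"               # SPNEGO/GSS-API token carrying Kerberos
    else:
        mech = "unknown"
    return scheme, mech, len(token)


# Constructed samples: an NTLM type 1 message and a SPNEGO-style blob that
# names the Kerberos 5 mechanism (padding stands in for the ticket).
_ntlm = NTLMSSP + bytes.fromhex("0100000007820008")
_krb = bytes.fromhex("608201000606" "2b0601050502" "0609") + KRB5_OID + b"\x00" * 64
SAMPLE_NTLM = "Negotiate " + base64.b64encode(_ntlm).decode()
SAMPLE_KRB = "Negotiate " + base64.b64encode(_krb).decode()

if __name__ == "__main__":
    print(offered_schemes(["Negotiate", "NTLM"]))
    for sample in (SAMPLE_NTLM, SAMPLE_KRB):
        print(classify_authorization(sample))
```

Comparing the result for a failing IE11 session against a working Firefox session shows whether the two browsers are answering the challenge with different mechanisms.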