Users intermittently not being able to log in via Active Directory

Hello,

I have had some issues raised to our support team that some users randomly can no longer log into Octopus Deploy. There have been a few checks on other holders and they can log in fine; I myself have never encountered any issues.

Would this be an issue with Active Directory? Would it be best just removing the user and adding them back in? I can’t see any reason why one or two people would not be able to log in now. They use OD daily so I don’t think it would be an expiry or lack of activity.

Any advice would be greatly appreciated.

Hi @davyrob77,

Thanks for getting in touch!

Just to clarify, are these users permanently blocked from logging in, or are they occasionally blocked but then can log in fine later?

As it is only affecting a few users, my initial thought would be that something has been changed within AD specifically related to those individuals, so, that would be where I’d begin looking.

I would also take a look at the Octopus Server logs. If it is refusing to allow them to log in, it should be outputting a reason for it.
There are a few places to check:

  • Configuration > Diagnostics will contain the most recent logs, if you can get one of the affected users to try logging in a few times you should be able to catch it there.
  • Or you could check the full Octopus.Server.txt log. Default location C:\Octopus\Logs
  • Lastly, head to Tasks and then within the filters tick the Include system tasks box and filter on task type: Sync external security groups. Checking the log for one of those tasks should contain an entry for each user and may include additional information as to why the user is being blocked.

Regards,
Paul

Hi Paul,

I’ll have a look at those options. I was hunting around the logs but couldn’t see the username mentioned, but I will have a deeper look.

Some of the users haven’t logged in for a while, but one of the users uses it daily and for the last 3 days he hasn’t been able to get in at all.

Cheers

My assumption is that for some reason, Octopus is failing to find the user within AD. If it was just a case of the user being moved out of a particular group and no longer having the correct permissions for Octopus, I would expect them still to be able to log in, but then be presented with zero access to anything in Octopus.

The fact that it is completely blocking them suggests that it is either not finding the user or perhaps is finding multiple matches and doesn’t know which to use.

When I check the diagnostic tab I see this:

Outstanding SynchronizeExternalSecurityGroupsForUsers tasks were not completed before the next task was due to be scheduled. If this error persists, check the Tasks tab for any running SynchronizeExternalSecurityGroupsForUsers tasks, and cancel them manually.

When I go to Tasks, I am not presented with the option to filter by System Tasks.

OK, so I managed to filter to the task and I can see that this job

Synchronize external security groups has been running for 6 days now. Would I cancel this and kick it off again?

Yeah, that sounds odd.
If you hit the cancel option, once it has fully cancelled the option to re-run should be available in the top right menu.

Thanks Paul

Your help has been very much appreciated. Hopefully it doesn’t take another 6 days to cancel 🙂

If it seems like it is stuck in a cancelling state, then you may need to perform a restart of the Octopus service and/or the server itself to shake things loose.

Thanks, I’ll see how it goes.

When you restart the Octopus Service, what do you mean exactly? Apologies, my team is pretty new to supporting this application.

No problem, there will be a Windows service that Octopus is running on. By default, it will be named OctopusDeploy.
Typically, a restart of that is enough to recover this kind of issue, it will take the server offline for a minute or so whilst it cycles though, so any deployments will need to be finished before you do it.

In some rare cases, we have seen the service fail to stop due to the stuck task getting in the way. In that situation, a full restart of the machine will be needed.

Thanks again, I’ll check to see what’s running and put it in maintenance mode before I restart it.

Service restarted and the job looks like it’s running as normal now.

Thanks again @paul.calvert
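
The checks discussed in this thread, collected as an added PowerShell example (not part of the original posts and not Octopus Deploy's own tooling): it tests whether a login resolves to zero, one or several AD objects, pulls the latest server-log lines naming the user or the group sync task, and shows the service state. It assumes the ActiveDirectory (RSAT) module is installed and that the login is matched on sAMAccountName or the UPN prefix, which the thread does not confirm; `jsmith` is a constructed sample login.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory (RSAT) module.
param(
    [string]$Login   = 'jsmith',                             # constructed sample login
    [string]$LogPath = 'C:\Octopus\Logs\Octopus.Server.txt', # default log location named in the thread
    [string]$Service = 'OctopusDeploy'                       # default service name named in the thread
)

# Reject anything that is not a plain account name before it goes into an AD filter.
if ($Login -notmatch '^[\w.\-]+$') { throw "Unexpected characters in login '$Login'" }

Import-Module ActiveDirectory -ErrorAction Stop

# Assumption: the login is matched on sAMAccountName or the UPN prefix.
# This searches the current domain only.
$filter = "SamAccountName -eq '${Login}' -or UserPrincipalName -like '${Login}@*'"
$found  = @(Get-ADUser -Filter $filter -Properties LockedOut, PasswordExpired, AccountExpirationDate)

switch ($found.Count) {
    0       { Write-Warning "No AD object matches '$Login'" }
    1       { Write-Host "Exactly one AD object matches '$Login'" }
    default { Write-Warning "$($found.Count) AD objects match '$Login': the lookup is ambiguous" }
}
$found | Format-List SamAccountName, UserPrincipalName, DistinguishedName,
                     Enabled, LockedOut, PasswordExpired, AccountExpirationDate

# Latest server-log lines naming the user or the external group sync task.
if (Test-Path -LiteralPath $LogPath) {
    Select-String -LiteralPath $LogPath -SimpleMatch `
                  -Pattern $Login, 'SynchronizeExternalSecurityGroupsForUsers' |
        Select-Object -Last 20 |
        ForEach-Object { '{0}: {1}' -f $_.LineNumber, $_.Line }
} else {
    Write-Warning "Log file not found at $LogPath"
}

# State of the Octopus Windows service before deciding on a restart.
Get-Service -Name $Service -ErrorAction SilentlyContinue |
    Format-List Name, Status, StartType
```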