i have had some issues raised to our support team that some users randomly can no longer log into Octopus Deploy. There have been a few checks on other holders and thye can log in fine, i myself have never encountered any issues.
Would this be an issue with Active Directory, would it be best just removing the user and adding them back in. I can’t see any reason why one or two people would not be able to login now. they use OD daily so i don’t think it would be an expiry or lack of activity.
Just to clarify, are these users permanently blocked from logging in, or are they occasionally blocked but then can log in fine later?
As it is only affecting a few users, my initial thought would be that something has been changed within AD specifically related to those individuals, so, that would be where I’d begin looking.
I would also take a look at the Octopus Server logs. If it is refusing to allow them to login it should be outputting a reason for it.
There are a few places to check:
Configuration > Diagnostics will contain the most recent logs, if you can get one of the affected users to try logging in a few times you should be able to catch it there.
Or you could check the full Octopus.Server.txt log. Default location C:\Octopus\Logs
Lastly, head to Tasks and then within the filters tick the Include system tasks box and filter on task type: Sync external security groups. Checking the log for one of those tasks should contain an entry for each user and may include additional information as to why the user is being blocked
e.g
My assumption is that for some reason, Octopus is failing to find the user within AD. If it was just a case of the user being moved out of a particular group and no longer having the correct permissions for Octopus, I would expect them still to be able to log in, but then be presented with zero access to anything in Octopus.
The fact that it is completely blocking them suggests that it is either not finding the user or perhaps is finding multiple matches and doesn’t know which to use.
Outstanding SynchronizeExternalSecurityGroupsForUsers tasks were not completed before the next task was due to be scheduled. If this error persists, check the Tasks tab for any running SynchronizeExternalSecurityGroupsForUsers tasks, and cancel them manually.
When i go to tasks, then i am not presented with the option to filter by System Tasks
If it seems like it is stuck in a cancelling state, then you may need to perform a restart of the Octopus service and/or the server itself to shake things loose.
No problem, there will be a Windows service that Octopus is running on. By default, it will be named OctopusDeploy.
Typically, a restart of that is enough to recover this kind of issue, it will take the server offline for a minute or so whilst it cycles though, so any deployments will need to be finished before you do it.
In some rare cases, we have seen the service fail to stop due to the stuck task getting in the way. In that situation, a full restart of the machine will be needed.