Skip to main content
Skip table of contents

User unable to login to Manager Web

Versions Affected: All 

Issue: User(s) are not able to log on to Gimmal Records for various reasons.

Access Denied, You do not have privileges to perform this action

If this message is presented after clicking Sign In, ensure that the user account has been added to the Manager Web and the appropriate role(s) assigned.

Signin was unsuccessful

If this Message is shown after clicking Sign In Locally and entering credentials. Sign In Locally can only be used by the internal Gimmal Records Administrator account. Regular user accounts should log in by clicking Sign In. Internal Gimmal Records Service Accounts cannot log in via the Manager Web Sign In page.

Tenant does not exist for the provided login

If this Message is shown when trying to log in to a Manager Web hosted in Gimmal’s SaaS environment.

Ensure the following:

  1. The correct Manager Web URL is used - e.g., Gimmal’s TEST vs PROD SaaS environment

  2. User has been invited to the Gimmal Records SaaS tenant, and User has accepted the invitation

  3. User account is added to the Manager Web, and the correct role(s) and permissions are assigned

We're sorry, but something went wrong. If this problem persists, please contact your system administrator.

Displayed when the user tries to log in. There are multiple configuration issues that may result in this error message:

  1. Invalid/expired/missing SSL certificate

    • Ensure the certificate has not expired

    • Ensure the certificate matches the URL for the Manager Web

    • After installation or upgrading, ensure that the certificate has been correctly added to the SSL binding for both IIS sites.

  2. In the web.config files for both the Gimmal Records and Gimmal Records STS sites (usually named Records Management and Records Management STS), ensure that the entries containing the site URLs are correct. This often happens during an upgrade if a different value is entered than what was used during the original installation. E.g. - if you use https://records.domain.com to browse to the Manager Web, that exact URL is what should be found in both web.config files. NOTE: This can also result in an Invalid Certificate message in the ELMAH logs.

  3. Ensure the Authentication Providers are set up correctly in IIS:

    • Records Management: Anonymous

    • Records Management STS: Windows Authentication-NTLM only

      • (Virtual Directory) metadata: Anonymous

  4. If attempting to log in on the same server where the Manager Web is installed, make sure the loopback check is disabled.

    1. In the registry, HKLM\SYSTEM\ControlSet001\Control\Lsa, create a new DWORD value, DisableLoopbackCheck, and set the value to 1. Make sure to clear the browser cache, then restart the browser and attempt to log in again.

The address bar shows a long URL with a portion of it constantly changing; only the Gimmal Records Administrator account is able to log in locally.

This can be due to a different URL being used to browse to the Gimmal Records Manager Web than what is specified in the web.config files for the Gimmal Records IIS sites. If, for example, the URL for Gimmal Records is https://records.company.local:8080, and Gimmal Records STS is https://records.company.local:8081, then the expected entries below would be:

  1. For <Manager Web URL:port>, use records.company.local:8080

    1. e.g. - https://records.company.local:8080

  2. For <Manager Web STS URL:port, use records.company.local:8081

    1. e.g. - https://records.company.local:8081

  • Gimmal Records site web.config example entries

<appSettings>
…snip…
<add key="rl.ws_fed_meta" value="https://<Manager Web STS URL:port>/metadata/federationmetadata.svc/xml" />
<add key="rl.ws_fed_realm" value="https://<Manager Web URL:port>" />
<add key="rl.ws_fed_reply" value="https://<Manager Web URL:port>" />
<add key="rl.ws_fed_audience" value="https://<Manager Web URL:port>" />
…snip…
<add key="rl.ws_trust" value="https://<Manager Web STS URL:port>/Trust.svc" />

  • Gimmal Records STS site web.config example entries

<configuration>
<appSettings>
<add key="rl.issuer_name" value="WindowsSTS" />
<add key="rl.signing_certificate_name" value="CN=RecordLion.RecordsManager.WindowsSTS" />
<add key="rl.encrypting_certificate_name" value="" />
<add key="rl.expected_address" value="https://<Manager Web URL:port>" />
</appSettings>

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close