User unable to log in to Manager Web
Versions Affected: All
Issue: User(s) are not able to log on to Gimmal Records for various reasons.
Access Denied, You do not have privileges to perform this action
If this message is presented after clicking Sign In, ensure that the user account has been added to the Manager Web and the appropriate role(s) assigned.
Signin was unsuccessful
This message is shown after clicking Sign In Locally and entering credentials. Sign In Locally can only be used by the internal Gimmal Records Administrator account. Regular user accounts should log in by clicking Sign In. Internal Gimmal Records Service Accounts cannot log in via the Manager Web Sign In page.
Tenant does not exist for the provided login
This message is shown when trying to log in to a Manager Web hosted in Gimmal’s SaaS environment.
Ensure the following:
The correct Manager Web URL is used - e.g., Gimmal’s TEST vs PROD SaaS environment
User has been invited to the Gimmal Records SaaS tenant, and User has accepted the invitation
User account is added to the Manager Web, and the correct role(s) and permissions are assigned
We're sorry, but something went wrong. If this problem persists, please contact your system administrator.
Displayed when the user tries to log in. There are multiple configuration issues that may result in this error message:
Invalid/expired/missing SSL certificate
Ensure the certificate has not expired
Ensure the certificate matches the URL for the Manager Web
After installation or upgrading, ensure that the certificate has been correctly added to the SSL binding for both IIS sites.
In the web.config files for both the Gimmal Records and Gimmal Records STS sites (usually named Records Management and Records Management STS), ensure that the entries containing the site URLs are correct. A mismatch often happens during an upgrade if a different value is entered than what was used during the original installation. For example, if you use https://records.domain.com to browse to the Manager Web, that exact URL is what should be found in both web.config files. NOTE: This can also result in an Invalid Certificate message in the ELMAH logs.
Ensure the Authentication Providers are set up correctly in IIS:
Records Management: Anonymous
Records Management STS: Windows Authentication-NTLM only
(Virtual Directory) metadata: Anonymous
If attempting to log in on the same server where the Manager Web is installed, make sure the loopback check is disabled.
In the registry, under HKLM\SYSTEM\ControlSet001\Control\Lsa, create a new DWORD value, DisableLoopbackCheck, and set the value to 1. Make sure to clear the browser cache, then restart the browser and attempt to log in again.
The address bar shows a long URL with a portion of it constantly changing; only the Gimmal Records Administrator account is able to log in locally.
This can be due to a different URL being used to browse to the Gimmal Records Manager Web than what is specified in the web.config files for the Gimmal Records IIS sites. If, for example, the URL for Gimmal Records is https://records.company.local:8080, and Gimmal Records STS is https://records.company.local:8081, then the expected entries below would be:
For <Manager Web URL:port>, use records.company.local:8080
e.g. - https://records.company.local:8080
For <Manager Web STS URL:port>, use records.company.local:8081
e.g. - https://records.company.local:8081
Gimmal Records site web.config example entries
<appSettings>
…snip…
<add key="rl.ws_fed_meta" value="https://<Manager Web STS URL:port>/metadata/federationmetadata.svc/xml" />
<add key="rl.ws_fed_realm" value="https://<Manager Web URL:port>" />
<add key="rl.ws_fed_reply" value="https://<Manager Web URL:port>" />
<add key="rl.ws_fed_audience" value="https://<Manager Web URL:port>" />
…snip…
<add key="rl.ws_trust" value="https://<Manager Web STS URL:port>/Trust.svc" />
Gimmal Records STS site web.config example entries
<configuration>
<appSettings>
<add key="rl.issuer_name" value="WindowsSTS" />
<add key="rl.signing_certificate_name" value="CN=RecordLion.RecordsManager.WindowsSTS" />
<add key="rl.encrypting_certificate_name" value="" />
<add key="rl.expected_address" value="https://<Manager Web URL:port>" />
</appSettings>
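The URL consistency check described above, as an added PowerShell example (not Gimmal's own code). It compares the scheme, host and port of each rl.* entry against the URL it should point at; the function names and the sample web.config contents are constructed for illustration, with one entry deliberately missing its port.

```powershell
# Added example, not Gimmal's code. Sample configs are constructed; rl.ws_fed_reply
# deliberately omits the port to show how a mismatch is reported.
$ManagerUrl = 'https://records.company.local:8080'   # URL users browse to
$StsUrl     = 'https://records.company.local:8081'   # Records Management STS site

[xml]$siteConfig = @'
<configuration><appSettings>
  <add key="rl.ws_fed_meta" value="https://records.company.local:8081/metadata/federationmetadata.svc/xml" />
  <add key="rl.ws_fed_realm" value="https://records.company.local:8080" />
  <add key="rl.ws_fed_reply" value="https://records.company.local" />
  <add key="rl.ws_fed_audience" value="https://records.company.local:8080" />
  <add key="rl.ws_trust" value="https://records.company.local:8081/Trust.svc" />
</appSettings></configuration>
'@
[xml]$stsConfig = @'
<configuration><appSettings>
  <add key="rl.expected_address" value="https://records.company.local:8080" />
</appSettings></configuration>
'@

# Which base URL each key must point at, following the example entries above.
$expected = [ordered]@{
  'rl.ws_fed_meta' = $StsUrl; 'rl.ws_trust' = $StsUrl
  'rl.ws_fed_realm' = $ManagerUrl; 'rl.ws_fed_reply' = $ManagerUrl
  'rl.ws_fed_audience' = $ManagerUrl; 'rl.expected_address' = $ManagerUrl
}

function Get-Origin([string]$Url) {
  # Scheme, host and port only; [uri] supplies the default port (443 for https).
  $u = [uri]$Url
  '{0}://{1}:{2}' -f $u.Scheme, $u.Host.ToLowerInvariant(), $u.Port
}

function Test-RecordsUrls([xml]$Config, [string]$Name) {
  foreach ($add in $Config.configuration.appSettings.add) {
    if (-not $expected.Contains($add.key)) { continue }   # ignore unrelated keys
    $want = Get-Origin $expected[$add.key]
    $got  = Get-Origin $add.value
    [pscustomobject]@{ File = $Name; Key = $add.key; Value = $add.value
                       Expected = $want; Match = ($got -eq $want) }
  }
}

$results = @(Test-RecordsUrls $siteConfig 'Records Management') +
           @(Test-RecordsUrls $stsConfig 'Records Management STS')
$results | Format-Table -AutoSize
```

To check a live server, load each site's web.config with [xml](Get-Content -Raw <path to web.config>) in place of the sample strings and set the two URL variables to the values used in your installation.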