For better illustration, we use the following designations in these instructions: XPhone Server: cti01.muster.local Please adjust these variables in the commands according to your / the customer's environment. |
IMPORTANT: We recommend that you save all log and console outputs in text files. If the following steps do not lead to success, we need them for further analysis. |
Solution:
After updating the XPhone server and client to version 9.0.271 or newer, there are more and more login problems via the integrated Windows login.
The reason for this is that in the older versions there were inconsistencies in the generation of the SPN (Service Principal Name) between client and server. These have been fixed with client version 9.0.271. In order for the integrated Windows login to work again, this SPNs must be recreated on the server.
The best way to proceed is described below.
-
Check whether it is possible to log in with the XPhone Connect Server login. If this is not the case, there is another problem and we ask you to open a corresponding ticket in Support. If login is possible, follow this description.
-
We use a Windows API function to determine the DNS name for creating the SPN. To check whether the API can provide us with the correct DNS name, please open a command line and enter the following command:
set
Check which name is stored for the COMPUERNAME= entry.
The host name of the XPhone Server must appear, in our example cti01. If this is not the case, there is a fundamental problem with the Windows Server. -
Please stop the XPhone Server service and use the "Change service account" function to remove the registration of the service in the domain.
-
Then check which SPNs are registered in the domain for the XPhone Server:
setspn -q AtlasService/*
You will receive an output similar to the following:
The domain "DC=muster,DC=local" is checked. CN=cti01,OU=Servers,OU=MyBusiness,DC=muster,DC=local AtlasService/cti01 WSMAN/cti01 WSMAN/cti01.muster.local TERMSRV/cti01 TERMSRV/cti01.muster.local RestrictedKrbHost/CTI01 RestrictedKrbHost/cti01.muster.local CN=svr-admin,OU=AdminUsers,OU=Users,OU=MyBusiness,DC=muster,DC=local AtlasService/cti01.muster.local Existing SPN was found.
-
If entries of the form "AtlasService/*" are found there, delete them manually.
setspn -d AtlasService/cti01 cti01 setspn -d AtlasService/cti01.muster.local srv-admin
-
Then check again for existing entries.
setspn -q AtlasService/* The domain "DC=muster,DC=local" is checked.
No such SPN was found. -
Also check for duplicate SPNs. If there are any, this indicates a problem within the domain, which you should correct first.
setspn -x
-
You can now register the XPhone service in the domain again using the Change service account function. Make sure that the "Register service in Active Directory" checkbox is ticked.
-
Check again that the correct SPNs have now been registered in the domain.
setspn -q AtlasService/*
The domain "DC=muster,DC=local" is checked.
CN=XPhone Service,OU=ServiceAccounts,OU=Users,OU=MyBusiness,DC=muster,DC=local
AtlasService/cti01.muster.local
Existing SPN was found.Note: Here "CN=XPhoneService,OU=ServiceAccounts,OU=Users,OU=MyBusiness,DC=muster,DC=local" is the account under which the XPhone Server service runs and "cti01.muster.local" is the FQDN of the computer on which the XPhone Server service is installed.
Alternatively, the following entry can also be used:setspn -q AtlasService/* The domain "DC=muster,DC=local" is checked. CN=cti01,OU=Servers,OU=MyBusiness,DC=muster,DC=local AtlasService/cti01.muster.local WSMAN/cti01 WSMAN/cti01.muster.local TERMSRV/cti01 TERMSRV/cti01.muster.local RestrictedKrbHost/CTI01 RestrictedKrbHost/cti01.muster.local Existing SPN was found.
Where "CN=cti01,OU=Servers,OU=MyBusiness,DC=muster,DC=local" is the account of the computer and "cti01.muster.local" is the FQDN of the computer on which the XPhone Server service is installed.
<>
If the integrated Windows login still does not work, please open a ticket with our support team and send us all log outputs (see note at the beginning of the article) about the steps already taken in these instructions, including a description.
</>
Comments
0 comments
Article is closed for comments.