none
User log in problem after userid has been changed

    Question

  • I am using Project Server 2010 SP1.  I have a user who used the system for about a year under the AD account id ricann.  Recently her name changed and Systems Administration updated her AD credentials to davann.   I updated her userid in Project Server 2010 in Server Settings and the enterprise resource pool.  Her new name shows correctly on the enterprise resource pool and on the projects where she is assigned.  Her e-mail address is updated to her new e-mail address too.   We are not using AD synchronization as far as I know.

    She can go directly to project sites from bookmarks after logging in to her laptop or mine with her new userid, davann.  However, if she tries to go to the main URL for our PWA instance, she get an "Access Denied" page that says it can't log her in with account ricann.  We've cleared her IE cache and she's even used a different machine that she never used before.  Can anyone help us solve this puzzle?

    Thanks,

     

    Walter


    Walter
    Tuesday, December 20, 2011 10:13 PM

Answers

  • Hi Walter,

    Have you tried resaving the users account in PWA > Manage Users, check that the jobs are successful in the Project Server queue then ask the user to retest? If you have already done this, can you update the users logon account to a Test AD account then save the user. Once saved successfully edit the user again and add the correct logon account back in for this user and save. Once the jobs have completed in the project server queue ask the user to retest.

    Hope that helps

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com
    • Marked as answer by wacNTN Wednesday, December 21, 2011 4:26 PM
    Tuesday, December 20, 2011 11:49 PM
    Moderator
  • Ultimately, Microsoft support was able to resolve this but the Project Server and Sharepoint groups went back and forth proving it wasn't there problem for quite a while.

    Ultimately it turned out to be a very low level issue on the server. I am not a server admin but I'll do my best to explain this based on the information the escalation engineer sent to me.

    First to fix this, we did a hard or cold boot of the WFE for Project Server. In our installation, we just have one server.  I am not sure what would have to be rebooted in a multi-server installation.

    The cause was that the LSA Cache on the SharePoint server had stale information for this particular user.  As I understand this, the LSA Cache is supposed to refresh user credentials from a domain controller regularly.  But for some reason, for this user, it was not updating this.  Restarting the server destroyed the LSA Cache and forced a rebuild from a domain controller. 

    Hope this helps others!


    Walter


    • Marked as answer by wacNTN Wednesday, June 13, 2012 1:33 PM
    • Edited by wacNTN Wednesday, June 13, 2012 1:33 PM
    Wednesday, June 13, 2012 1:33 PM

All replies

  • Hi Walter,

    Have you tried resaving the users account in PWA > Manage Users, check that the jobs are successful in the Project Server queue then ask the user to retest? If you have already done this, can you update the users logon account to a Test AD account then save the user. Once saved successfully edit the user again and add the correct logon account back in for this user and save. Once the jobs have completed in the project server queue ask the user to retest.

    Hope that helps

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com
    • Marked as answer by wacNTN Wednesday, December 21, 2011 4:26 PM
    Tuesday, December 20, 2011 11:49 PM
    Moderator
  • I'm not sure I follow all your questions. I'll try to respond.

    I have opened the user's account in PWA, SErver Settings, Manage Users  and made some changes and saved it.  All queue jobs related to this user are completed.  I have not checked if anything is pending in Project Pro but this user doesn't really use that very often so I suspect there aren't issues there. I'll double check it though.

    Re: your though on updating the logon account to a test AD account, let me make sure I understand you.  Are these the steps you are suggesting I try?

    1. Open the account in Manage Users.

    2. In the User Authentication section change the User Logon Account value to a different (test) AD account.

    3. Save the account.

    4. Open the account in Manage Users.

    5. In the User Authentication section change the User Logon Account value to the user's real (new) userid (currently davann)

    6. Save the account.

    7. Check that the queues have processed.

    8. Have the user try logging in again.

    Seems like a "no change - change" to get the system to refresh this data for this account.  I'll give it a try.


    Walter
    Wednesday, December 21, 2011 4:23 PM
  • Well, whether I understood you correctly or not, I did these steps and it fixed the problem.  Thanks for this suggestion!
    Walter
    Wednesday, December 21, 2011 4:26 PM
  • Hi Walter,

    I'm happy this resolved the issue for you :)

    Thanks

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com
    Wednesday, December 21, 2011 4:44 PM
    Moderator
  • For some reason, the user is still having problems.  When we enter the URL to our Project Server 2010 environment directly into the Address bar on her laptop, she gets an access denied message that shows her old userid.  The same thing happens if she uses a different PC or laptop so it doesn't seem like its a local cache issue.  It seems like its something on the server.  We're still puzzled and she's getting way behind on her work because of this.
    Walter
    Wednesday, January 04, 2012 2:23 PM
  • One thing I haven't seen you try is to change the user account in the Windows
    control panel.  On her computer, navigate to the control panel.
     
    In Windows 7 (and other versions are similar)....
     
    1) User Accounts
    2) Manage Credentials (Maybe "Advanced" in prior versions)
    3) See if maybe the PWA one is stored there with the old account.
     
    This happens to me a lot when I click the button to store my credentials
    after logging into PWA with a test account.
     
     

    Andrew Lavinsky [MVP] Blog: http://azlav.umtblog.com Twitter: @alavinsky
    Wednesday, January 04, 2012 5:41 PM
    Moderator
  • We don't see anything stored undrer User Accounts there.

    I can go into Server Settings, Manage Users and temporarily change her logon id to another id (one that is not a PS user), save it, and then come back in and change it to her valid userid.  If I do this, she can then login and work normally.  But the next day it is broken again.  

    This is crazy.  Sure seems like something is not sync'd on the server side correctly but we can't make it stick.  To my knowledge we aren't using any AD synchronization though.


    Walter
    Thursday, January 12, 2012 2:56 PM
  • Hi there,

    I would confirm that you are not doing AD synch on the Manage Groups page, only thing I can think of that will cause this to stop working the next day - although not sure why it would cause an issue if it is synching the correct details!

    Thanks

    Paul


    Paul Mather | Twitter | http://pwmather.wordpress.com
    Thursday, January 12, 2012 5:38 PM
    Moderator
  • And just to make sure....are you sync'ing the Resource Pool (not the User Groups)?  Sometimes the Resource Pool sync doesn't play nice with the User Group Sync.
    Andrew Lavinsky [MVP] Blog: http://azlav.umtblog.com Twitter: @alavinsky
    Thursday, January 12, 2012 5:44 PM
    Moderator
  • As far as I can tell we aren't doing any AD synchronization.  We specifically decided with our partner not to go this route.

    I have a tech assistance call scheduled with MS right now.


    Walter
    Friday, January 13, 2012 7:36 PM
  • Did an answer ever come up  for this? I have a similar problem although it is showing up in asp.net  websites, but the user id was changed and we are getting her old id back when applications are asking windows what user is logged in?
    Monday, April 16, 2012 2:04 PM
  • Ultimately, Microsoft support was able to resolve this but the Project Server and Sharepoint groups went back and forth proving it wasn't there problem for quite a while.

    Ultimately it turned out to be a very low level issue on the server. I am not a server admin but I'll do my best to explain this based on the information the escalation engineer sent to me.

    First to fix this, we did a hard or cold boot of the WFE for Project Server. In our installation, we just have one server.  I am not sure what would have to be rebooted in a multi-server installation.

    The cause was that the LSA Cache on the SharePoint server had stale information for this particular user.  As I understand this, the LSA Cache is supposed to refresh user credentials from a domain controller regularly.  But for some reason, for this user, it was not updating this.  Restarting the server destroyed the LSA Cache and forced a rebuild from a domain controller. 

    Hope this helps others!


    Walter


    • Marked as answer by wacNTN Wednesday, June 13, 2012 1:33 PM
    • Edited by wacNTN Wednesday, June 13, 2012 1:33 PM
    Wednesday, June 13, 2012 1:33 PM