Evolutis

Cannot log on to Project Server 2003 with AD user accounts

Hi Experts,

I've installed Microsoft Project Server 2003 on a Windows 2003 Server Std.

I've created all user accounts on Project Server, and configured the accounts to use Windows authentication.

If I try to connect with one of these user accounts, I get the error message "You have entered an incorrect user name/password combination. (5002)" every time. I'm absolutely sure about the usernames and passwords.

The second problem for me is that I can publish projects to server only by using the Administrator account.

Thanks in advance for your help.

Best regards.

Evolutis
bobsegrest

Hello Evolutis,

How exactly did you create/configure the accounts on your server?

If you create an account on the server using PWA and then synchronize with Active Directory (AD) there is a fair chance that your user accounts got duplicated.  It is usually something simple like the first and last names being reversed or the punctuation separating the first and last names being a semi-colon rather than a comma.

Normally if you are going to sync with an AD group, allow the sync process to create the accounts and then use PWA to assign each account to its appropriate group(s).

Start by looking at your account in PWA Admin.  Be sure there is only one entry for your account.  

If you can connect to the server using PWA, but not with Microsoft Project, your account (the one created by the AD synch) is probably not assigned the appropriate group (Project Managers).

Take a look and tell us what you see…

Does this answer your question?

Bob Segrest, PMP
Microsoft Project Blackbelt

ASKER

Hi Bob,

In fact, all accounts were already in the AD. I then created the accounts through PWA (Manage users and groups).

I then:
- selected Authenticate user by Windows Authentication, using the Windows User Account
- entered the Windows User Account (DomainName\WindowsAccountName)
- entered the Username (Firstname Lastname)
- entered the email
- selected "Active" for the Account status
- assigned groups to the user

I don't understand where I have to configure the account synchronisation with the AD. In fact, I don't know what the "standard" procedure for account creation in Project Server is.

What I'm looking for is having all users able to log on to Project Web Server with their Windows user accounts.

Thanks in advance.

Evolutis

Hello Evolutis,

If you go to PWA | Admin | Server Configuration there are fields that allow you to specify the name of the Active Directory Group to Synchronize and the frequency you would like this to happen.  I would start with the Update Now option and make sure things are working correctly before setting up any kind of schedule.

If you are just deploying your server and can do so without hardship, I would consider deleting all of your user accounts (except for the administrator of course) and then restarting with the AD synchronization.  Your new accounts should be created with basic Team Member privileges.  This one action should create the PWA account and add the user to the Enterprise Resource pool.  The process will also import email addresses and group identification from the AD (if the information is in the AD).

If you don't want to or can't start over, I would suggest you select one account and look at it in detail.  Log into PWA as the administrator and go to Admin | Manage Users and Accounts, then select your user name and select Modify User.  Look at the modify user page and observe how the user is configured.  The Windows Authentication radio button should be selected.  The Windows User Account should be in the format domain\username.  Note that this is the username that a user uses to log into their computer and may not be their actual name.  The User Name field should be the people friendly name in a format you have decided to use on the project server.  For example, "Segrest - Bob".  The email field should reflect where their email is to be sent in an Internet format and the account status should be set to Active.  Finally, the user should be assigned to at least one user server group.

Take a look and tell us what you see…

Does this answer your question?

Bob Segrest, PMP
Microsoft Project Blackbelt

Hi Bob,

As the server is not yet in production, I've deleted all Microsoft Project accounts previously created. I've created an AD group "ProjectServerUsers", assigned some user accounts, specified the name of the AD group in PWA --> Admin --> Server Configuration and updated.

All specified users have been created but I still get "You have entered an incorrect user name/password combination. (5002)" when I try to log on with one of the user accounts. I also tried to give full rights to one of these accounts (Administrator rights for all groups, all categories and all permissions in PWA) but it didn't change anything.

I'm going crazy...

Evolutis

Hi Evolutis,

Don't get frustrated, we are overlooking something silly here and should be able to figure it out.  Because it is most likely something simple, I am going to try to start from zero.  Please don't be insulted...

To use Windows authentication you first have to be authenticated.  This is done by logging onto your computer using a domain user name and password.

You should then be able to connect to your project server using your Internet Explorer with the server's web URL.  It is usually something like http://servername/projectserver.  If you have already been authenticated on the domain (see step 1) AND there is an account for this domain user on the project server (see paragraph 3 of my previous post) the server should recognize you and present you with a project server home page.  If the server does not, the most likely reason is that one of these two conditions has not been met.

Please verify your account settings using the process I outlined in my previous post.  Tell me what you find.

Please also tell me how you are attempting to log in when you get the 5002 error.
     Are you logging in to Project Web Access?
     Are you logging in using Microsoft Project Professional?
     Do you get the same response from both interfaces?

Take a look and tell us what you see…

Does this answer your question?

Bob Segrest, PMP
Microsoft Project Blackbelt

Bob,

I do not feel insulted at all. I'm completely open to your help as I want to solve this problem as soon as possible. (I added some points to prove it ;-D )

From reading your last post, and if I understand correctly, the user has to be on a Windows machine, and authenticated on the AD domain.

My misunderstanding must come from here: I was thinking that a user from any computer (authenticated on the domain or not, for example from a Public Internet Access) should be able to authenticate to Project Web Access, using Windows Authentication.

Could you confirm this?

If that's the case, I would have to use Project Server Authentication because some users will use Project Server from other countries, not connected by a WAN.

Thanks in advance for your help

Hi Evolutis,

Yes if you are going to use Windows Authentication, your users have to be authenticated in the local domain.

Bob Segrest, PMP
Microsoft Project Blackbelt

So, I've now modified all user accounts to use Project Server authentication instead of Windows Authentication.

I've also reset all passwords and specified the same password as for Windows accounts.

Now, when I try to log on with one of the user accounts, I get the error "You have entered an incorrect user name/password combination. (5005)" which is almost the same as the first, except the error code (5005 instead of 5002).

Evolutis

Hi Evolutis,

You are missing something BIG here!

If you use Windows Authentication, you DO NOT have the option to set a password.

To put it another way...

If you are setting passwords, you are NOT USING windows authentication.....

Select one account and look at it in detail.  Log into PWA as the administrator and go to Admin | Manage Users and Accounts, then select your user name and select Modify User.  Look at the modify user page and observe how the user is configured.  The Windows Authentication radio button should be selected.  The Windows User Account should be in the format domain\username.  Note that this is the username that a user uses to log into their computer and may not be their actual name.  The User Name field should be the people friendly name in a format you have decided to use on the project server.  For example, "Segrest - Bob".  The email field should reflect where their email is to be sent in an Internet format and the account status should be set to Active.  Finally, the user should be assigned to at least one user server group.

Tell me the values you find (one value at a time).

Bob Segrest, PMP
Microsoft Project Blackbelt

Bob,

As you told me that Windows authentication needs a computer connected to the domain, I've now switched to Project Server Authentication. It means that I've deleted all accounts and recreated new accounts using "Project Server Authentication".

The content of one of these accounts is:

Authenticate user by : Project Server authentication, using a logon name and password
User Account : bob
E-mail : bob@example.com
Account Status : Active
"Reset Password" : I clicked here for each account in order to set the same password as the one in the Windows account (used for Outlook Web Access, Exchange 2003 is also installed on this server); it means that the username/password set in Project Server and in AD is the same.
Groups that contain this user : *All* (for test purposes)
Categories : *All* (for test purposes)
Permissions : *All* (for test purposes)

And now, when trying to log on with one of my Project Server authenticated accounts, I get "You have entered an incorrect user name/password combination. (5005)". It works with the Project Server Administrator account.

One more piece of information I can give you: the Administrator account has a different password for Project Server than the one in the AD. Could that create problems?

Evolutis

Bob,

I found what the problem was. I was managing user accounts and resetting passwords from a remote computer on which the URL wasn't in the "Trusted sites" list.

It seems that the Password Reset ActiveX wasn't setting passwords really well.

Now, Project Server Accounts can be used to log on.

My second question (for which I'll give you all the points) is to know which rights are necessary for publishing projects from Project Pro?

Thanks for your help.

Bob.
ASKER CERTIFIED SOLUTION
bobsegrest

This solution is only available to members.

Hi Bob,

Everything is working well now.

Thanks for your help.

Best regards.

Evolutis