Error: Invalid Username or Password for all users in Production when using ADAuthenticator endpoint

When attempting to log in to Production, users may receive the error: Invalid username or password is received for all users. These same credentials worked for them earlier in the day.

This occurred when using Windows authentication and also using remote authentication from a different Active Directory domain from the application doamin, as described on page 100 of our Installation guide, and when also disabling the vulnerable SSL3 protocol on the remote Active Directory server. An incompatible version of TLS 1.2 was attempted, resulting in the failure.  

For older versions of Blackbaud CRM, a viable alternative to SSLv3 is to implement TLS version 1.0 on the client-hosted Active Directory server rig.  Blackbaud CRM versions 3.0 and 4.0 implement .NET 4.0 Framework for Windows-based authentication, and the 4.0 .NET Framework supports TLS 1.0 but not TLS 1.2.   

As of Blackbaud CRM version 4.0, Service Pack 5; we are now requiring and implementing version 4.5 of the .NET Framework, which supports the more secure TLS 1.2 for Windows-based authentication models:



 3 ; 4

Was this article helpful?