Error: Invalid Username or Password for all users in Production when using ADAuthenticator endpoint

When attempting to log in to Production, users may receive the error: Invalid username or password is received for all users. These same credentials worked for them earlier in the day.
 

This occurred when using Windows authentication and also using remote authentication from a different Active Directory domain from the application doamin, as described on page 100 of our Installation guide, and when also disabling the vulnerable SSL3 protocol on the remote Active Directory server. An incompatible version of TLS 1.2 was attempted, resulting in the failure.  

For older versions of Blackbaud CRM, a viable alternative to SSLv3 is to implement TLS version 1.0 on the client-hosted Active Directory server rig.  Blackbaud CRM versions 3.0 and 4.0 implement .NET 4.0 Framework for Windows-based authentication, and the 4.0 .NET Framework supports TLS 1.0 but not TLS 1.2.   

As of Blackbaud CRM version 4.0, Service Pack 5; we are now requiring and implementing version 4.5 of the .NET Framework, which supports the more secure TLS 1.2 for Windows-based authentication models:
https://community.blackbaud.com/blogs/54/434

 

Environment

 3 ; 4

Was this article helpful?


Thanks for your feedback! Did this solve your issue?

Comments (optional):


Thanks for your feedback!
We're glad it was helpful but sorry it didn’t solve your issue. If you need assistance, click Chat with Support below.
We’re sorry to hear that. Please tell us why.

 I don't like how this works.

 The answer is confusing.

 The answer didn't match what I was searching for.

Additional Comments (optional):


Thanks for your feedback! If you need assistance, click Chat with Support below.
Thanks for your feedback. Help us make our products even better by sharing details in our Idea Banks or our online Community.
Thanks for letting us know. We'll work on clarifying the information in the article. If you need assistance, click Chat with Support below.
Thanks for letting us know. We'll work on updating the search engine to return more relevant results.