We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda PST Enterprise

How can the customer log in to PST Enterprise admin when "You are not authorized" error occurs.

  • Type: Knowledgebase
  • Date changed: 3 years ago
Solution #00007358

Scope: 

PST Enterprise, v3.2 or later

Answer:

SYMPTOMS

When you attempt to log into the PST Enterprise administration website, the following error is returned:

"Login was unsuccessful. Please correct the errors and try again. You are not authorized. Please speak to your administrator."


The PSTEnterprise.log file shows that the user is not a member of the PSTEnterpriseUsers group:

"Login failed, user is not a member of the 'PSTEnterpriseUsers' group."

You have confirmed in Active Directory Users and Computers that the user is in fact a member of the PSTEnterpriseUsers group.


ROOT CAUSE

PST Enterprise will do an LDAP lookup to determine if the user logging in is a member of the PSTEnterpriseUsers security group. The lookup can fail if data in the product configuration files has been incorrectly stored, or has been manually altered since the initial installation.


RESOLUTION

There are a few options that can be configured to force the lookup to use specific information like an authentication server or an authentication container to find the members of the group.


Step 1: Ensure the correct SID is listed for the PSTEnterpriseUsers group

On the PST Enterprise server,
  1. Browse to: C:\Program Files (x86)\Barracuda\PSTEnterprise\Web
  2. Take a backup copy of the file web.config (so you can revert any changes if required).
  3. Open the web.config file in Notepad.
  4. Under <appSettings> section, confirm the "AuthenticationGroup" setting and verify that the SID value is the correct value for the PSTEnterpriseUsers group. You will need to compare the SID in the web.config with the SID listed in Active Directory (AD) for this security group, e.g.:
    <!-- Authentication group SID -->
    <add key="AuthenticationGroup" value="S-1-5-21-1560972391-1618664957-1071408133-1249"></add>
  5. If the SID is not the same as the SID given by AD, update the value and save the web.config file.
  6. Recycle the PST Enterprise application pool in IIS Manager.
 
Now retest the login to the PST Enterprise website again. If not resolved, proceed to step 2.


 
Step 2: Specify a DC for authentication

On the PST Enterprise server,
  1. Browse to: C:\Program Files (x86)\Barracuda\PSTEnterprise\Web
  2. Open the web.config file in Notepad.
  3. Under <applicationsettings> section, locate the setting "AuthenticationServer" and enter the FQDN of the Domain controller you wish to use for authentication, e.g.:
    <setting name="AuthenticationServer" serializeAs="String"
    <value>SVR-DC1.MYDOMAIN.LOCAL</value>
  4. Save and close the web.config file.
  5. Recycle the PST Enterprise application pool in IIS Manager.
 
Now retest the login to the PST Enterprise website again. If not resolved, proceed to step 3.


 
Step 3: Specify a container for the PSTEnterpriseUserGroup for authentication

On the PST Enterprise server,
  1. Browse to: C:\Program Files (x86)\Barracuda\PSTEnterprise\Web
  2. Open the web.config file in Notepad.
  3. Under <applicationsettings> locate the "AuthenticationContainer" value and enter the AD container where the PSTEnterpriseUserGroup resides, e.g.:
    <setting name="AuthenticationContainer" serializeAs="String"
    <value>CN=USERS,DC=MYDOMAIN,DC=COM</value>
  4. Save and close the web.config file.
  5. Recycle the PST Enterprise application pool in IIS Manager.
 
Retest the login to the PST Enterprise website again.



Link To This Page: