tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Failed to negotiate with a suitable domain controller for xxx
Date Thu, 01 Aug 2013 10:06:39 GMT
Seema Patel wrote:
> Hi,
> I am not sure if this is the right List to post this on, please advise if it isn't and
let me know where is best to post.
> I am getting the following error on one of our applications running on our intranet:
> 2013-07-31 17:15:11,180 [] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action]
- Servlet.service() for servlet action threw exception
> Failed to negotiate with a suitable domain controller
for xxx.LOCAL
> at jcifs.smb.SmbSession.getChallengeForDomain(
> at jcifs.http.NtlmHttpFilter.negotiate(
> at jcifs.http.NtlmHttpFilter.doFilter(
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> at org.apache.catalina.core.StandardWrapperValve.invoke(
> at org.apache.catalina.core.StandardContextValve.invoke(
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
> at org.apache.catalina.core.StandardHostValve.invoke(
> at org.apache.catalina.valves.ErrorReportValve.invoke(
> at org.apache.catalina.authenticator.SingleSignOn.invoke(
> at org.apache.catalina.core.StandardEngineValve.invoke(
> at org.apache.catalina.connector.CoyoteAdapter.service(
> at org.apache.coyote.http11.Http11AprProcessor.process(
> at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(
> at$
> at Source)

I believe that you should read this page carefully, in particular the blue text at the 
beginning :

Can you have a look at the WEB-INF/web.xml file *of your application*, and check if there

is a servlet filter configured there, which matches the name above ?

If so, make a backup copy of that web.xml file, and then edit it to remove that filter 
from it, and try again.
I am not quite sure, but it looks possible to me that you have a duplicate authentication

mechanism in use : one at the container (Tomcat) level, and one at the application level.
And the one used at the application level is obsolete, unsupported, unmaintained etc..

> In my tomcat/conf/server.xml file I have:
> <Realm className="com.viatel.tomcatrealms.ADJNDIRealm"
> debug="01" resourceName="ActiveDirectory"
> connectionURL="ldap://xxx:xxx"
> alternativeURL="ldap://xxx:xxx"
> connectionName="LDAP@xxx.local" connectionPassword="xxx"
> referrals="follow" userBase="dc=vtlwavenet,dc=local"
> userSearch="(sAMAccountName={0})" userSubtree="true"
> roleBase="dc=xxx,dc=local" roleSearch="(member={0})"
> roleName="cn" roleSubtree="true" />
> I have 2 .war files running from this tomcat - 1) intranet portal A, 2) intranet helpdesk
page and also another intranet portal B (both run from slightly different URLs).
> When tomcat was restarted the intranet portal A runs, intranet portal B runs but the
intranet helpdesk portal doesn't run.  For this we get the error message shown above.
> I don't know if it is the java code, some setting in the tomcat catalina base or if it
is a tomcat network issue.
> We are running Tomcat 5.5.29.
> java version "1.5.0_22"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)
> Java HotSpot(TM) Client VM (build 1.5.0_22-b03, mixed mode, sharing) 
> It is on a Windows Server 2003 R2 SP2 VM box.
> Any help on this is appreciated.
> Thanks in advance
> Seema

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message