JSS 9.1 "400 Error"

bajones
Contributor II

Yesterday I upgraded my JSS to 9.1 from 8.71 and everything appeared to upgrade fine, but now whenever I try to log in to the web interface I get a blank page with the title "400 Error" after entering my credentials. I have tried this in both Safari and Firefox. Computers are communicating with the JSS with the jamf binary just fine and Self Service still works, but I cannot access the web interface. I have only tried rebooting the server so far. Any particular areas where I should focus my troubleshooting?

1 ACCEPTED SOLUTION

nessts
Valued Contributor II

I am by no means an expert and can only guess at your setup, but we were playing with our lab stuff yesterday and connecting to AD and ran into something very similar.
You should have a local admin account that is not dependent on LDAP right? Can you login with that?
if so, i would check your LDAP server connection, verify that your groups and group membership can be resolved.
and you may have to delete and re-add any network groups you have set for authentication. I was also making changes on one of the cluster servers and could not login to the primary server so i restarted tomcat and all was well after ensuring groups worked properly.

View solution in original post

9 REPLIES 9

nessts
Valued Contributor II

I am by no means an expert and can only guess at your setup, but we were playing with our lab stuff yesterday and connecting to AD and ran into something very similar.
You should have a local admin account that is not dependent on LDAP right? Can you login with that?
if so, i would check your LDAP server connection, verify that your groups and group membership can be resolved.
and you may have to delete and re-add any network groups you have set for authentication. I was also making changes on one of the cluster servers and could not login to the primary server so i restarted tomcat and all was well after ensuring groups worked properly.

bajones
Contributor II

My primary account is an AD account, but I get the same 400 Error with a local account.

EDIT: Actually, any text I enter into the login screen takes me to the 400 Error page

nessts
Valued Contributor II

support@jamfsoftware.com

ammonsc
Contributor II

I am getting the same thing on AD accounts but not on the local admin

bajones
Contributor II

@nessts - Waiting for a response from them. I usually try here too, since the hivemind is generally quicker to respond.

bajones
Contributor II

Thanks, nessts. It was indeed my ldap connection. Customer support assisted with truncating the users from the database and after I restarted Tomcat, I was able to create a new local account. Now I can log in, I just have to figure out the problem with the ldap connection.

bajones
Contributor II

From JAMF Support:

"You will receive a 400 Error displayed when logging into the JSS with a user that is not present on the JSS. So this can be a local user or an AD user. I have this issue filed under D-005306 and will be working with development to resolve the issue. The intended result would be that if any incorrect information was enter it would bring you right back to the login page."

powellbc
Contributor II

Bajones, don't forget to check your search base. I could not log in with an AD account and so I tested a search under LDAP settings but the account was not found. It turned out my search base did not encompass the OU the account I was searching for was in.

EDIT: Spoke to soon. Though I can find the account in the LDAP test settings, I still cannot log in with it. The particular account I am using is a ember of a group with log in rights so not sure what is occurring.

Nick_Gooch
Contributor III

I had the same issue. Searching would work fine but logging in would fail. I had to delete the ldap server, all ldap users and groups and then re-add them. Works like a charm now. Faster then it ever did on 8.x versions.