TIBCO LogLogic LMI - Remote authentication fails when using secure Active Directory authentication

Article ID: KB0075228

Products: TIBCO LogLogic Log Management Intelligence
Versions: all versions

Description

When authenticating as a remote user, you may be told that your username and password are incorrect. Once you have ruled out that they actually are incorrect, on further investigation you may see something similar to the following in /loglogic/tomcat/logs/logapp.log:

2018-09-10 12:07:02,610 [loglogic-test-device] WARN  com.loglogic.logapp.filters.auth.SimpleLdapAuthentication - Failed to login to LDAP server (192.168.1.200:636): simple bind failed: 192.168.1.200:636
2018-09-10 12:07:02,610 [loglogic-test-device] ERROR com.loglogic.logapp.servlets.admin.users.UserAuthentication - Incorrect user name and/or password for remote authentication on Authentication Server 192.168.1.200:636
2018-09-10 12:07:02,610 [loglogic-test-device] ERROR com.loglogic.logapp.spring.security.LoginAuthenticationProvider - Login Exception


The part we are interested in is:

Failed to login to LDAP server (192.168.1.200:636): simple bind failed: 192.168.1.200:636

The appliance is trying to authenticate to the Active Directory server on port 636. This is the secure LDAP (LDAPS) port, so in order to authenticate, certificate-based trust with the Active Directory server must have been configured on the appliance. The "simple bind failed" message shows that the appliance is currently not presenting the right credentials, or that the credentials it presents have expired. In either case, you will need to reconfigure the appliance's Active Directory configuration. The steps below show how to configure Active Directory authentication from scratch; in the case of a simple bind error, generally only step 5 is needed. The rest of the steps are included for completeness.

Resolution

1. Import the domain controller certificate.
a) Make sure you have the location of the certificate file that will be used to allow the appliance to trust the Active Directory server. You will need to speak to your Active Directory administrator to get this.

b) Enter the following command:
keytool -import -alias <alias-for-certificate> -file /<location of certificate file> -keystore /loglogic/tomcat/conf/truststore
For example:
keytool -import -alias 2008R2a -file /tmp/certificate.cer -keystore /loglogic/tomcat/conf/truststore

The default keystore and truststore password defined by Oracle is 'changeit' (without quotes). Despite what the string says, do not change it for LogLogic LMI.

If the CA that signed the domain controller's certificate is different from the CA that signed the LMI appliance's certificate, you will also need to import the additional certificates in the domain controller certificate's trust chain, using the same command above with the alias and filename changed appropriately. The truststore file is always the one used.

c) Restart Tomcat so it reloads the truststore contents. To do this, at the toor prompt, type: mtask -s engine_tomcat restart

2. In the Server Name text field, enter the name of the remote authentication server.

3. Select the Enable check box to enable this remote authentication server for the appliance after you click Update.

4. In the Server IP text field, enter the IP address for the remote authentication server.

5. In the Port text field, enter the port number for the remote authentication server, unless you want to use the listed default.

6. Select the Enable SSL check box to establish the secure connection on the AD server.

7. For Auth Type, select the type of authentication for the Active Directory server to perform: Kerberos or Simple Authentication (username/password).

8. In the Realm text field, enter the realm for the remote authentication server.
For example: realm - SQA2008R2a.lab

9. (Simple Authentication only) In the NT Domain text field, enter the domain name for the remote authentication server. This field is displayed only if you select Simple Authentication as the Auth Type.
For example: NT Domain - SQA2008Ra

10. In the User and Password fields, enter the credentials of any user who has access to the Active Directory server. This is required so that when the daily AD user cleanup task runs, if the users with remote authentication are removed from all associated roles or groups, or are disabled or deleted from the AD server, the corresponding users are removed from the Management Users tab.

11. Click the Test button to test the connection to the specified Active Directory server.
a) A pop-up prompts you for a login name and password for the server.
b) Enter a login name and password of any user for the server and click Test Connection.
c) The pop-up remains open to display the status of the test. If the connection test times out (after fifteen seconds), a time out message appears in the Connection Status box on the pop-up.

12. Click Update to save your entries or changes.

Note: the default Keystore password is 'changeit'. Refer to the Oracle article https://docs.oracle.com/cd/E19957-01/817-3331/6miuccqo3/index.html for more information.
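The following triage script is an added example, not part of the TIBCO article or the LogLogic product. It finds the "simple bind failed" warning in logapp.log text, extracts the LDAP host:port, and, when the failure is on port 636, lists the aliases currently in the Tomcat truststore so you can see whether the domain controller's chain (step 1) is actually present. The truststore path and the 'changeit' password are the ones given in the article; the sample log lines and the fetch_server_chain helper are constructed for illustration.

```shell
#!/bin/sh
# Added triage helper (not from the TIBCO article): finds the "simple bind
# failed" warning in logapp.log text, extracts the LDAP host:port and, for
# port 636, lists what the Tomcat truststore trusts. Truststore path and the
# 'changeit' password are the article's; the sample log lines are constructed.

TRUSTSTORE=${TRUSTSTORE:-/loglogic/tomcat/conf/truststore}
STOREPASS=${STOREPASS:-changeit}

# Constructed sample in the article's logapp.log format.
SAMPLE_LOG='2018-09-10 12:07:02,610 [loglogic-test-device] WARN  com.loglogic.logapp.filters.auth.SimpleLdapAuthentication - Failed to login to LDAP server (192.168.1.200:636): simple bind failed: 192.168.1.200:636
2018-09-10 12:07:02,610 [loglogic-test-device] ERROR com.loglogic.logapp.servlets.admin.users.UserAuthentication - Incorrect user name and/or password for remote authentication on Authentication Server 192.168.1.200:636'

# Print each distinct host:port the appliance failed to bind to (stdin = log text).
failed_bind_servers() {
    sed -n 's/.*Failed to login to LDAP server (\([^)]*\)): simple bind failed.*/\1/p' | sort -u
}

# 0 if the failure is on the LDAPS port 636 (a trust problem is likely), else 1.
is_ldaps_port() {
    case "$1" in *:636) return 0 ;; *) return 1 ;; esac
}

# Aliases of trusted certificates in the truststore; needs keytool (toor shell).
truststore_aliases() {
    command -v keytool >/dev/null 2>&1 || { echo "(keytool not available here)"; return 0; }
    keytool -list -keystore "$TRUSTSTORE" -storepass "$STOREPASS" 2>/dev/null \
        | sed -n 's/^\([^,]*\),.*trustedCertEntry.*/\1/p'
}

# Dump the chain the server presents (needs network). Save each BEGIN/END block
# to its own file, import each with its own alias (keytool -import), restart Tomcat.
fetch_server_chain() {
    openssl s_client -connect "$1" -showcerts </dev/null 2>/dev/null \
        | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

main() {
    printf '%s\n' "$SAMPLE_LOG" | failed_bind_servers | while read -r server; do
        if is_ldaps_port "$server"; then
            echo "LDAPS bind failure on $server; trusted aliases in $TRUSTSTORE:"
            truststore_aliases
            echo "If the AD chain is missing: fetch_server_chain $server"
        else
            echo "Bind failure on $server is not on 636; check the configured user/password first"
        fi
    done
}
main "$@"
```

On a real appliance, feed the live log instead of the sample (for example, tail -200 /loglogic/tomcat/logs/logapp.log | failed_bind_servers) and compare the listed aliases with the alias you imported in step 1.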

Issue/Introduction

This article gives information on the likely cause of Active Directory secure authentication issues.