To troubleshoot the issue:
- Use one of following two approaches to check if logon restriction is enabled for the active directory user account:
- On Windows AD server, go to Start > Administrative Tools > Active Directory Users and Computers; right click the account that can't login to the IVE. Select Properties > Account > Log on To and check if "The following computers" is selected.
- On Windows AD server, go to Start > Run > cmd and enter
net user <USERNAME>. Check the "Workstations allowed" in the output of from the command.
- Get the computer name of the IVE used to join Windows Active Directory and check if it's in the above allowed login computer list. To retrieve the name, go to:
IVE Admin WebUI > Authentication > Auth. Servers > Active Directory Auth Server > Settings > View Advanced Options > Computer Name
- Add IVE computer name to the "allowed login workstation" of AD account which cannot log into the IVE. To add the name:
- On the Windows AD server, go to Start > Administrative Tools > Active Directory Users and Computers
- Right click the account that can't login to the IVE.
- Then, go to Properties > Account > Log on To
- Input the computer name of IVE that was found in step 1 above.
- Click Add, then OK.
By default, the computer name of IVE that is used to join AD authentication server is vc0000
value of its internal interfaces's IP address). You may modify it as you want by follow IVE name conventions.