Even if SSO authentication was set up as described in this document, there can nevertheless be occasions when logging on with SSO does not work. In this case, double-check the following settings.

Checking Client-Side Settings

If SSO authentication is still not working, check the following points in the client:

  1. Use ping to check if the MSAD server and the Siveillance Control server can be accessed from the client.
  1. Make sure that the name of the Siveillance Control server is not entered in the file in the path C:\Windows\System32\drivers\etc\hosts on the client. Otherwise, the IP address of the Siveillance Control server may not be resolved using DNS, but rather statically using the value in the host file, which leads to problems in practice.
  1. Make sure that nslookup provides the correct DNS resolution for the Siveillance Control server:
  1. Make sure that the established IP address and the name are correct.
  1. Make sure that the system time on the client does not differ from the system time on the MSAD server and the Siveillance Control server by more than one minute. A reasonable solution is to use an NTP server to set up automatic time synchronization on the Siveillance Control server.

Adjusting the MSAD Server

If the previous steps do not lead to successful SSO authentication, adjust the MSAD Server.

  1. Delete all entries for the Siveillance Control server in the Active Directory.
  1. Recreate the entries.
  1. Regenerate the keytab file.
  1. Copy the keytab file to the Siveillance Control server.