Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Unable to authenticate on LEM manager: Invalid login

Unable to authenticate on LEM manager: Invalid login

Updated January 13, 2017


After configuring LDAP/SSO, the following error displays:

Unable to authenticate on manager: Invalid login

Logging in with an Active Directory (AD) account from Windows works fine. 

Logging in as adserver.local\username does not work, however, and the manager.log shows the following error:

Flex authentication failed: Authentication request not handled


LEM 6.3.1+


  1. This error occurs when there is a time difference between the LEM VM and Active Directory (the LDAP server). To verify, check the watchlogs from cmc for errors related to Kerberos auth sessions.
  2. You are trying to use LDAPS and not using Primary DC for LDAP host / IP


Scenario 1:

By default, all LEM deployments(VMware/Hyper-v) get their time-sync from the VM host computer.

  • If the host is VMware ESX(i), ESXi it will get its time-sync from a local or Internet NTP server.
  • If the host is Hyper-V, and the Hyper-V server is a member of Active Directory, the VM host will get its time from Active Directory.

If the Hyper-V host is not a member of the domain, the host needs to get its time from an NTP server.

If time-sync from the host VM is not possible, be sure to clear the time-sync option on the VM host, and enable LEM to get its time directly from an NTP server.

To configure NTP time-sync via CMC console:

  1.      Open a Vsphere console (or PuTTY session on port 32022) to LEM.
  2.      Enter the "appliance" menu.
  3.      Enter the "ntpconfig" command, and follow the prompts to point to a local or Internet NTP server.


Scenario 2:

  • If scenario 1 does not apply in your case, then verify the LDAP/LDAPS configuration via http://yourlem:8080/mvc/configuration
  • Verify the FQDN for LDAP and AD server name
  • Use IP address instead of host name for LDAP server
  • If you have Primary and Secondary Domain controller(s) and LDAP is configured to establish trust only from PDC then you need to use the Primary DC as the LDAP hostname.
  • Your internal certificate on your DC may have been changed. Go into the LDAP settings in LEM and save them again. If a new certificate is needed, you will be prompted to accept it.

Refer to this MS KB on how to Troubleshoot LDAPS issues





Last modified