Network-based security runtime error messages

When logging on to the terminal using Active Directory fails, various error messages display, depending on the error. Errors may come from LDAP AD client or from the terminal platform. Because the terminal runtime and emulator use different LDAP clients - error code may be different for the terminal and emulator.

LADP errors include:

The message "Active Directory service cannot be reached (error=<code>)" appears when the Active Directory cannot be reached. The main reasons for this issue are incorrect Active Directory connection settings, HMI device being disconnected, or unavailable Active Directory server. It is shown for the following errors:

91 (LDAP_CONNECT_ERROR)

81 (LDAP_SERVER_DOWN)

-1 (LDAP_SERVER_DOWN)

52 (LDAP_UNAVAILABLE)

1 (LDAP_OPERATIONS_ERROR)

11 (LDAP_ADMINLIMIT_EXCEEDED)

The message "Invalid credentials" appears when you provide invalid credentials on logon. It is shown for the code error 49 (LDAP_INVALID_CREDENTIALS).

The message "Other network security error: (error=<code>)" appears for all the other LDAP errors.

Terminal errors display the following messages:

The message "Username or password field cannot be empty." appears when you left the username
or password
field blank.

The message "User not found in directory service" appears when the user was not found in the Active Directory.

The message "Cannot read user group membership" appears when user has no membership group assignment on Active Directory side.

The message "User not assigned to a configured user group" appears when the credentials are correct but HMI device cannot match user to configured group. User group configuration for the project may be incorrect.

For more information and detailed description of the codes, see:

LDAP Results Codes (emulator)

OpenLDAP Results Codes (terminal runtime)

Common Active Directory Bind Errors