X509N Bad User Name - Login Falures
Article Number: 000052410 | Last Modified: 2019/03/01
X509N(Bad or Unknown user) is trying to access the Server and getting failure message being reported to DNS server.
The domain controller will record two failure events with event ID 4768, Task Category "Kerberos Authentication Service". Account name for these entries will be "X509N:<S>CN=QlikClient".
Qlik Sense November 2017
Other products using Domain ControllerNote: Image above was taken from a domain controller.
Windows Event logs are detecting "Kerberos" when the Qlik Sense is running. When secure communication is set up between Qlik Sense services (for instance the Repository and the Engine), the connecting service will provide a certificate titled QlikClient to identify it self as a Qlik service. When the server accepts this certificate it will ask Windows to authenticate it. As the certificate is not by default tied to any real Windows entity (user or computer), this authentication will trigger logon failure log entries in the Windows security event log.
- Set "EnableDotNetWebSockets" in the app.config file (C:\Program Files\Qlik\Sense\Repository\Repository.exe.config) to true.
- If the Qlik Services are running using a non local administrator account then bootstrapping needs to be run after the changed configuration. The fix is not supported by Windows 7.
Fixed in Qlik Sense September 2018
! This was investigated as a defect, and a fix was included in Qlik Sense September 2018. For up to date information, please review the most recent Release Notes, or contact support with the ID QLIK-87774 for reference.