Help Center/ Cloud Bastion Host/ FAQs/ Troubleshooting/ CBH Managed Resource Login Failures/ Why Am I Seeing Login Errors of Code: C_769 When I Use a Web Browser for Resource O&M?
Updated on 2024-09-04 GMT+08:00
View PDF
Share

Why Am I Seeing Login Errors of Code: C_769 When I Use a Web Browser for Resource O&M?

Symptoms

When a user attempts to log in to a managed host resource using a web browser, a login error (Code: C_769) is reported, indicating that the account username, password, or key is incorrect.

Checking Managed Host Account Passwords

  1. Log in to the CBH system, select the target Linux host, export managed accounts, and obtain the host account username and password.
  2. Log in to the ECS management console, log in to the Linux host using VNC, and verify the host account username and password.

Check Whether Two-Factor Authentication Is Enabled on the Linux Host

When a dynamic password is required for logging in to a Linux host, the two-factor authentication function of Host Security Service (HSS) is enabled on the Linux host.

In this case, disable two-factor authentication for the Linux host by referring to HSS Two-Factor Authentication.

After that, log in to the managed Linux host again through the CBH system.

Check Whether the Linux Host Rejects the Login of User root

In the sshd service configuration file /etc/ssh/sshd_config, if PermitRootLogin is set to no, the user root is not allowed to log in to the Linux host.

  1. Log in to the Linux host and check the configuration file of the sshd service.
  2. In the /etc/ssh/sshd_config file, find the PermitRootLogin parameter, and check whether the parameter value is no. If yes, go to the next step.
  3. Modify the /etc/ssh/sshd_config file.

    Find the PermitRootLogin parameter and change its value to yes or comment out the line where the parameter is located.

    #PermitRootLogin no

  4. Run the following command to restart the SSHD service:

    systemctl restart sshd

After the preceding operations are complete, log in to the Linux host through the CBH system again.

Check Whether the 120-Day Free Trial Period of the Windows Server Expires

Check method: Remotely log in to the target Windows ECS from a Windows ECS on the intranet and check whether the following error message is displayed: "The remote session was disconnected because there are no Remote Desktop License Servers available to provide a license. Please contact the server administrator."

In this case, the 120-day RDS free trial expires. There is a default grace period of 120-day free trial for Windows ECSs. After the free trial period expires, pay for the service. Otherwise, the remote connection will fail.

Solution: Activate and authorize the server again by referring to activate the server.

If the problem persists, click Service Tickets in the upper right corner of the management console and submit a service ticket.

Enabling Forcible RDP Connections

When the number of Windows remote desktop connections exceeds the upper limit, you are not allowed to establish remote connections with the host resources. In this case, you can enable the admin console in the CBH system to implement force logins. This means you can force the CBH system to establish login connection by forcibly logging out other logged in users.

  1. Log in to your bastion host.
  2. Choose Operation > Host Operations to go to the Host Operations page.
  3. Click Web OPS Settings. The configuration window is displayed.
  4. Select the admin console connection mode.
  5. Click OK to return to the Host Operations page.

    After the configuration is successful, when a user attempts to log in to an RDP host, if the number of connections exceeds the upper limit, the user is forced to log in.

Checking the Bastion Host Image Version

Check method: Log in to the bastion host and choose System > About and check whether Device System is 3.3.54.0.

If yes, the keyboard may be enabled on the server.

Solution

  • CentOS: Set ChallengeResponseAuthentication in the server configuration file /etc/ssh/sshd_config to no.
  • Ubuntu: Set KbdInteractiveAuthentication in the server configuration file /etc/ssh/sshd_config to no.