Warning Observed after integrating with Active Directory

Hi team,

We have a cluster running with Docker with multiple nodes. The cluster is a licensed cluster and we recently enabled TLS security on the cluster. We have enabled TLS security for node-to-node communication. We used a self-signed certificate for the same, which we generated using the Elasticsearch cert util.
Along with built-in users, we also made a custom user to ingest data via Logstash. The cluster was working fine and ingesting data was working properly at this point.

After this, we enabled the Active Directory integration using a rolling restart. AD integration was successful and AD users are able to log in to the cluster as expected, but the following warning message started to appear in the Elasticsearch node logs:

"log.level": "WARN", "message":"Authentication to realm <realm-name> failed - authenticate failed (Caused by LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563\u0000', ldapSDKVersion=6.0.3, revision=405ee52a554f9867e81d4598a5b2f97beabeb29a))", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[<node-name>][generic][T#23]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","elasticsearch.cluster.uuid":"mOT5UswFSnelOojKdBtypQ","elasticsearch.node.id":"4GYo6RyCQ6aT3I9j4c-YWQ","elasticsearch.node.name":"<node-name>","elasticsearch.cluster.name":"<cluster-name>"}

Log ingestion is working fine, but the above warning message is shown continuously. Can anyone please suggest how to fix this warning message?
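
Added example, not part of the original post and not Elasticsearch tooling: a small Python triage helper for the warning quoted above. It extracts the realm name, the LDAP result code and the Active Directory sub-code (the `data 52e` field) from each JSON log line and counts failures per realm. The sample line is constructed from the warning in the post, with `ad1` and `node-1` as placeholder names; the sub-code table holds the standard Windows logon error values.

```python
import json
import re
from collections import Counter

# Active Directory sub-codes reported in the "data <hex>" field of an
# LDAP resultCode=49 bind failure (standard Windows logon error values).
AD_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (unknown user name or bad password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
REALM_RE = re.compile(r"Authentication to realm (\S+) failed")
LDAP_RE = re.compile(r"resultCode=(\d+).*?\bdata ([0-9a-fA-F]+),")

# Constructed sample modelled on the warning in the post; "ad1" and
# "node-1" are placeholders for the redacted realm and node names.
SAMPLE = (
    r'''{"log.level": "WARN", "message":"Authentication to realm ad1 failed - '''
    r'''authenticate failed (Caused by LDAPException(resultCode=49 (invalid '''
    r'''credentials), diagnosticMessage='80090308: LdapErr: DSID-0C090439, '''
    r'''comment: AcceptSecurityContext error, data 52e, v4563\u0000', '''
    r'''ldapSDKVersion=6.0.3))", "elasticsearch.node.name":"node-1"}'''
)

def decode_realm_failure(line):
    """Parse one JSON log line; return failure details or None if it is not one."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    msg = event.get("message", "") if isinstance(event, dict) else ""
    realm, ldap = REALM_RE.search(msg), LDAP_RE.search(msg)
    if not (realm and ldap):
        return None
    sub = ldap.group(2).lower()
    return {"realm": realm.group(1), "result_code": int(ldap.group(1)),
            "ad_subcode": sub, "meaning": AD_SUBCODES.get(sub, "unknown sub-code"),
            "node": event.get("elasticsearch.node.name")}

def summarize(lines):
    """Count realm failures per (realm, AD sub-code) to show which realm is noisy."""
    hits = filter(None, map(decode_realm_failure, lines))
    return Counter((h["realm"], h["ad_subcode"]) for h in hits)
```

Feeding the node's JSON log file line by line into `summarize` shows how often each realm rejects a bind and with which sub-code.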

I can't help with the specific error and solution sorry, however;

Please do reach out to Support as well :)
