
Agent can not login to finesse

Rima
Level 1

Hello Cisco community.

We have a UCCE deployment. Agents are facing an issue logging in to Cisco Finesse.

 

SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.  [CLIENT: finesse @@ip]

 

Any help would be greatly appreciated.

7 Replies

Dmytro Benda
Spotlight

Hello @Rima 

Is this a new system or a working one? Were the agents able to log in to Finesse earlier? Does this problem occur for a particular agent or for all agents?

An error like this typically relates to MS SQL software. I would also like to ask whether your Finesse server can communicate with the MS SQL DB on your Admin Servers (AW VMs). Aren't there any problems between the Finesse servers and the AWs?

My Cisco Unified Communications Blog

Hello Dmytro,

It was working fine. But suddenly the icmadmin user got locked due to many login attempts coming from the two DAW servers. We tried to create a new user and give it the same privileges as icmadmin (the user used during the deployment of the platform), but the issue persists.

Yes, all Finesse agents are affected.

But your MS SQL AWDB is available on your DAWs and working normally, right? It means that you can change your settings in Config Manager (UCCE) or SPOG (PCCE), correct?

Also, didn't you have any Windows security update forced by domain policy? Please read a topic with a similar issue here:

https://community.cisco.com/t5/contact-center/finesse-cannot-login-show-invalid-username-or-password/td-p/3192278


Hello Dmytro,

Thank you for your reply.

I accessed the Finesse cfadmin and tried to re-enter the credentials, but I got the error:

Unable to authenticate against the primary and secondary enterprise database.

 

Hello Rajaaí, 

I think first you should check credentials on your MS SQL DB on DAWs. MS SQL has a built-in client to connect to the DB - SQL Server Management Studio. Try to connect with this tool to your DB with the credentials you use on Finesse Admin page.

Does your SQL allow you to log in with them at all?

Hello Dmytro,

The issue was resolved after reactivating NTLM authentication on the AD. Based on Cisco documentation, Finesse requires that the administration database is configured to use NTLM. If the administration database is configured to use only NTLMv2, Finesse cannot connect to the administration database. We had disabled NTLMv2 on local security policies, but the issue was not resolved until reactivating NTLM authentication on the AD.

Another question: the issue occurred after initializing the local database, that is, 7 days after the AD team disabled NTLM authentication on the AD. Normally it should occur right after disabling NTLM, not after 7 days.

"Handshake failed" usually indicates that the user couldn't be authenticated. You might also want to check the security event log on the server for any errors at the same time as those in the SQL Server error log. Check the IP of the client, since loopback issues usually have the local IP address for the client.
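
An added example, not part of the thread and not Cisco or Microsoft code: a Python script that groups the SSPI handshake failures in a SQL Server error log by client and status code and flags clients that are the server itself, following the last reply's advice to check the client IP. The log lines, the documentation-range IP addresses and the `server_ips` parameter are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# SSPI status codes as defined in the Windows SDK header winerror.h.
SSPI_CODES = {
    0x8009030C: "SEC_E_LOGON_DENIED",
    0x80090311: "SEC_E_NO_AUTHENTICATING_AUTHORITY",
    0x8009030E: "SEC_E_NO_CREDENTIALS",
}
LINE_RE = re.compile(
    r"SSPI handshake failed with error code (?P<code>0x[0-9a-fA-F]{8}), "
    r"state (?P<state>\d+).*\[CLIENT: (?P<client>[^\]]+)\]"
)

def is_local(client, server_ips):
    """True when the failing client is the SQL Server host itself."""
    if client == "<local machine>":
        return True
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:          # redacted or unparseable client field
        return False
    return addr.is_loopback or client in server_ips

def summarize(lines, server_ips=()):
    """Count SSPI failures per (client, status name, is_local)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:           # other log entries are ignored
            continue
        name = SSPI_CODES.get(int(m["code"], 16), m["code"].lower())
        client = m["client"].strip()
        counts[(client, name, is_local(client, server_ips))] += 1
    return counts

# Constructed sample lines (documentation-range IPs), not from the thread.
MSG = ("{} Logon       SSPI handshake failed with error code {}, state 14 while "
       "establishing a connection with integrated security; the connection has "
       "been closed. Reason: AcceptSecurityContext failed. [CLIENT: {}]")
SAMPLE = [
    MSG.format("2024-05-01 09:15:02.31", "0x8009030c", "192.0.2.21"),
    "2024-05-01 09:15:02.31 Logon       Error: 17806, Severity: 20, State: 14.",
    MSG.format("2024-05-01 09:15:09.77", "0x8009030c", "192.0.2.21"),
    MSG.format("2024-05-01 09:16:40.02", "0x8009030c", "192.0.2.10"),
    MSG.format("2024-05-01 09:17:11.50", "0x80090311", "<local machine>"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE, server_ips={"192.0.2.10"}).most_common())
```

The timestamps of the grouped failures can then be matched against the Windows security event log on the same server.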