Login Failed

This article describes steps that Administrators can take to troubleshoot failed login attempts for their users.

Note: If you are an end user receiving this message when you attempt to log in, pay special attention to uppercase and lowercase letters in your username as the system is case sensitive. In most cases, usernames will be all lowercase and they will not contain the domain portion of your email address ('@your-org.com', for example). Reach out to your CMS administrator if you believe you are entering your credentials correctly but are still receiving errors.

In most cases, the reason for a user encountering this error will be due to them entering the wrong username (case matters!) and/or password. Assuming these have been ruled out, proceed to the next steps below.

Verify that the user's account is Enabled

  1. As an administrator, go into the Administration area and click on the Users link.
  2. Click on the user account in question.
  3. Confirm that the "Enabled" field is set to "Yes".

Note: If you are unable to access the interface (due to a 'Login Failed' error with your own account), you can verify whether or not the account is enabled by executing a database query like the following against your Cascade CMS database:

select isEnabled from cxml_user where username = '{username}';

(making sure to replace {username} with the username in question).

  • A result of 0 means the account is disabled.
  • A result of 1 means the account is enabled.

To enable a disabled account, execute the following query:

update cxml_user set isEnabled = 1 where username = '{username}';

If the user's account is enabled but they still receive the error, continue troubleshooting by following the steps below.

Determine how the user is attempting to authenticate

  1. As an administrator, go into the Administration area and click on the Users link.
  2. Click on the user account in question.
  3. Check the value listed for the "Authentication" field. It will be 1 of the 3 types listed below:
    • Normal - The user's account is managed entirely within Cascade CMS (the username and password are stored locally in the Cascade CMS database). If the user's account is enabled but they still receive a 'Login Failed' message when attempting to log in, an administrator should change the user's password and then provide the user with a new password. At that point, verify that the user is able to log in using the new password provided.
    • LDAP - The user's account is managed in your organization's existing LDAP/Active Directory instance. To investigate further, LDAP/AD administrators will want to see if the user account in question has an expired password (in which case a new password must be provided to the user) or if the user has simply entered a bad password (in which case the user may need to be provided with a new password as they may have forgotten the current one). In Active Directory, for example, the status of a user account can be found in the Attribute Editor. Specifically, you can check the badPasswordTime attribute to verify whether or not the user recently entered a bad password.
    • Custom - The user's account is managed in your organization's SSO system (CAS, Shibboleth, etc.). Your SSO administrator will need to check for errors related to the user's account from around the time of the failed login attempt(s).

Note: If you are unable to access the interface (due to a 'Login Failed' error with your own account), the authentication type for a user account can be determined by executing the following database query:

select authmode from cxml_user where username = '{username}';
  • A result of 0 means the account is a "Normal" account.
  • A result of 1 means the account is an "LDAP" account.
  • A result of 2 means the account is a "Custom" account.

Still having trouble? Feel free to reach out to Hannon Hill Support and our team can help you troubleshoot further.