Troubleshooting Windows/Domain Authentication

Umango utilizes standard Windows Interactive Logon protocols to verify user credentials. If you encounter "Access Denied" or "Logon Failure" errors, it is often due to restrictive security policies on the host server or within your Active Directory environment.

Note: These settings are managed via Domain Group Policy (GPO) or the Local Security Policy editor (secpol.msc) on the Umango server.

1. User Account Rights

For authentication to succeed, the Windows security subsystem requires that the user account being authenticated has the right to log on locally to the server.

Policy Setting | Required Configuration
Allow log on locally | The user account (or their group) must be listed here.
Deny log on locally | The user must NOT be listed here, as Deny overrides Allow.

2. Application Service Permissions

The Umango service logon account must have the authority to request security tokens from Windows.

  • Ensure the Umango service is running as LocalSystem or a member of the local Administrators group.
  • In hardened environments, the service account may specifically require the SE_TCB_NAME (Act as part of the operating system) privilege.

3. Active Directory Health

If you are using Domain accounts, ensure the following:

  • The server has clear network connectivity to the Domain Controller.
  • The server's system clock is synchronized with the Domain Controller.
  • The user account is not locked out or restricted by "Logon Hours" in Active Directory.

How to Verify Settings

  1. Press Win + R, type secpol.msc, and press Enter.
  2. Navigate to Local Policies > User Rights Assignment.
  3. Double-click Allow log on locally to ensure your users are permitted.
  4. Restart the Umango service to apply any policy changes.
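
The same check can be scripted instead of clicked through. The PowerShell below is an added example, not Umango's own tooling: it exports the User Rights Assignment with secedit and compares it against one user's SIDs. It assumes a domain-joined server and a UPN you supply (user@example.com is a placeholder); the function and property names are illustrative.

```powershell
# Added example: run from an elevated PowerShell prompt on the Umango server.
# Assumption: the host is domain-joined; 'user@example.com' is a placeholder UPN.
param([string]$UserUpn = 'user@example.com')

function Resolve-Sid([string]$Value) {
    # SID string -> DOMAIN\name for display; anything unresolvable is shown as-is.
    try { ([Security.Principal.SecurityIdentifier]$Value).Translate([Security.Principal.NTAccount]).Value }
    catch { $Value }
}

function Get-UserRightHolders {
    # secedit writes the machine's current User Rights Assignment to an INF file.
    $cfg = Join-Path $env:TEMP ('rights-{0}.inf' -f [guid]::NewGuid())
    secedit.exe /export /areas USER_RIGHTS /cfg $cfg | Out-Null
    try {
        $rights = @{}
        foreach ($line in Get-Content -LiteralPath $cfg) {
            if ($line -notmatch '^\s*(Se\w+)\s*=\s*(.*)$') { continue }
            $right = $Matches[1]
            # Holders are listed as "*<SID>" or as a bare account name; store SIDs.
            $rights[$right] = @($Matches[2] -split ',' | ForEach-Object { $_.Trim() } |
                Where-Object { $_ } | ForEach-Object {
                    $entry = $_
                    if ($entry.StartsWith('*')) { $entry.Substring(1) }
                    else {
                        try { ([Security.Principal.NTAccount]$entry).Translate([Security.Principal.SecurityIdentifier]).Value }
                        catch { $entry }   # unresolvable name: keep it visible
                    }
                })
        }
        $rights
    } finally { Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue }
}

$held = Get-UserRightHolders
# Identity built from the UPN: gives the account's own SID and its group SIDs.
$id   = [Security.Principal.WindowsIdentity]::new($UserUpn)
$sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

$allow = @($held['SeInteractiveLogonRight']     | Where-Object { $_ -in $sids })
$deny  = @($held['SeDenyInteractiveLogonRight'] | Where-Object { $_ -in $sids })

[pscustomobject]@{
    User            = $UserUpn
    AllowedVia      = ($allow | ForEach-Object { Resolve-Sid $_ }) -join ', '
    DeniedVia       = ($deny  | ForEach-Object { Resolve-Sid $_ }) -join ', '
    CanLogOnLocally = ($allow.Count -gt 0) -and ($deny.Count -eq 0)   # Deny overrides Allow
    # Explicit SeTcbPrivilege holders; LocalSystem holds it without being listed.
    ActAsPartOfOS   = (@($held['SeTcbPrivilege']) | Where-Object { $_ } | ForEach-Object { Resolve-Sid $_ }) -join ', '
}
```

AllowedVia and DeniedVia name the account or group entry that grants or blocks the right, which shows which policy entry to change.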
