Login & Authentication - Common Issues
Updated
by Niamh Ferns
DeskDirector SID Test Tool
DDGetSID CLI Overview
The DDGetSID CLI tool is a command-line interface app developed to help you diagnose Active Directory login issues on Windows.
You can use this tool to:
- Find out a user's company SID
- Diagnose auto-login issues
Running the DeskDirector SID Test Tool
To use the DeskDirector SID Test Tool, run the DDGetSid exe file and a window will open where diagnostic logs and test results will be printed out.

Please note that for users working on devices that are not Active Directory joined in some way, this SID will be the SID for their Windows workgroup. In this case, we recommend adding a Custom SID. See below.
You can also generate a random SID with the DeskDirector SID Test Tool:
Parameter | Description |
-g | Generates a random SID. |
-g -s | Generates a random SID and sets it in the registry. Administrator permission required. |
-h | Prints usage help. |
Automatic Login Issues
Automatically logging in to DeskDirector is a feature that users and MSPs love. It means one less password, one less hassle, one less hurdle between you and the user.
Occasionally this doesn't work but never fear, we're here to help you sort out the issue.
Companies
Check the companies that have been set up in DeskDirector:
- Check that the Domain SID associated with the Company ID matches the Domain SID that the DeskDirector SID Test Tool returns, bar the last group of digits as these are ignored.
- If using ConnectWise as a PSA integration, check that the ConnectWise company ID matches what's in ConnectWise (Including spaces).
- If you're in an environment where a company has multiple domains, you can add multiple Domain SID entries with a single Company ID. (You can find more information on how to resolve this below.)
Contacts
Check the user's contact:
- The user should have an assigned email.
- DeskDirector checks to see if the email it retrieved from Active Directory exists and creates a new contact using the Active Directory information if it doesn't. This means if there's a contact without an email address, or an email address that differs from what is in Active Directory, DeskDirector will create a new contact. This means that tickets logged will be associated with the new contact.
- If using ConnectWise as a PSA integration, check whether the Portal Disable Flag is False. If it is set to true, the users will not be able to log in to DeskDirector using Active Directory.

Checking the portal account
- Check if you can manually log in to the user's portal account. If the portal account isn't working for some reason, DeskDirector won't be able to log in. This can be done by logging out of the application and then logging in as the user you want to check.
- If you don't know the password, you can set it in the Contact's profile in the Admin portal. You can get here via Portal>Contacts>Profile.
- Clear cookies. You can delete the Cookie key from:
  %AppData%\DeskDirector Portal\Partitions\deskdirector
"We have automatic login enabled but it isn't working for some of our users."
Automatic login issues are usually a result of an incorrect or missing SID on either the user's machine or for the company entry in the DeskDirector Admin portal.
- Check whether the company is missing an SID in DeskDirector
  - Open the Admin portal and head to Portal>Companies.
  - Select the company the end user belongs to.
  - Confirm whether an SID is available for the company. If an SID is present, skip to step 4.
- Add an SID to the company in DeskDirector
  You will need to figure out what the SID for the user's company is. If you know the user's machine is correctly AD joined, you can run the SID tool on their machine to get this value. If the user is not AD joined, you will need to find this information either in Entra or by running the DeskDirector SID Test Tool on a machine that is AD joined so you can find the correct value.
- Retry logging in on the end user's machine
- If at this point it is failing to log in, confirm via the DeskDirector SID Test Tool whether the SID on the end user's machine matches that set in DeskDirector. If it does match and the user is still unable to log in, please contact DeskDirector support.
  If the IDs don't match, you have two options: you can either set up a custom domain SID on the user's machine (see below) - OR - add the SID from the user's machine as an additional SID for the company in the DeskDirector Admin portal.
Setting a Custom Domain SID (Advanced)
In some rare cases, you may have multiple companies using the same domain SID or you may have a user that is working from a machine that is not AD joined (a personal device). This means that users will struggle to log in or contacts could be created under the wrong company in DeskDirector.
DD Portal for Windows supports custom domain SIDs.
The custom domain SID can be set up in two ways:
- Via the Windows Registry
- Via a Custom Active Directory attribute.
Custom Domain SID via Windows Registry
Note that all desktops in the company will need to be set up with the same registry key & value.
- Create a DeskDirectorSID string value under one of these locations:
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeskDirectorPortal for 64-bit devices.
  HKEY_LOCAL_MACHINE\SOFTWARE\DeskDirectorPortal for 32-bit devices.
- Set the User's SID Value
  If this is for a user that is in multiple companies, you can use the DeskDirector SID Test Tool to generate a unique SID! If this is for a user on a device that isn't AD joined, you will need to use the SID that you have set for their company in DeskDirector. You can also skip step 3.
  - OR -
  If this is for a user that is a part of multiple companies, make sure you have a unique SID for that user and use that as your SID.
- If using a unique SID for the user, you will need to add this SID to their company. Open the Admin portal and head to Portal>Companies as mentioned above and add the unique SID as an additional SID to the company they should be a part of.
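
The following PowerShell check is an added example, not DeskDirector's own code. It reads the DeskDirectorSID value from both registry locations above without changing anything, then compares it with the SIDs configured for the company, applying the rule from the Companies section that the last group of digits is ignored. It assumes Windows PowerShell 5 or later; the SID in $CompanySids is a constructed placeholder, the function names are hypothetical, and applying the last-group rule to a custom SID is an assumption.

```powershell
# Added example, not DeskDirector code: read-only check of the custom domain SID.
# Constructed placeholder; use the SID(s) listed for the company in Portal>Companies.
$CompanySids = @('S-1-5-21-1111111111-2222222222-3333333333')

# Registry locations named in the article.
$RegistryPaths = @(
    'HKLM:\SOFTWARE\Wow6432Node\DeskDirectorPortal',  # 64-bit devices
    'HKLM:\SOFTWARE\DeskDirectorPortal'               # 32-bit devices
)

function Get-SidWithoutLastGroup {
    # Returns the SID minus its last group of digits, or $null when Windows
    # does not accept the string as a SID.
    param([string]$Sid)
    try {
        $value = [System.Security.Principal.SecurityIdentifier]::new($Sid.Trim()).Value
        return $value.Substring(0, $value.LastIndexOf('-'))
    } catch {
        return $null
    }
}

function Test-DeskDirectorSid {
    param([string[]]$Paths, [string[]]$Expected)
    $expectedPrefixes = $Expected | ForEach-Object { Get-SidWithoutLastGroup -Sid $_ }
    foreach ($path in $Paths) {
        # A missing key or value yields nothing rather than an error.
        $item = Get-ItemProperty -Path $path -Name 'DeskDirectorSID' -ErrorAction SilentlyContinue
        $sid = if ($item) { ([string]$item.DeskDirectorSID).Trim() } else { $null }
        $prefix = if ($sid) { Get-SidWithoutLastGroup -Sid $sid } else { $null }
        if (-not $item) {
            $status = 'NotSet'
        } elseif (-not $prefix) {
            $status = 'MalformedSid'
        } elseif ($Expected -contains $sid) {
            $status = 'ExactMatch'
        } elseif ($expectedPrefixes -contains $prefix) {
            $status = 'MatchIgnoringLastGroup'
        } else {
            $status = 'Mismatch'
        }
        [pscustomobject]@{ Path = $path; Sid = $sid; Status = $status }
    }
}

Test-DeskDirectorSid -Paths $RegistryPaths -Expected $CompanySids | Format-Table -AutoSize
```

A Mismatch or MalformedSid row on one desktop while others report ExactMatch points to a machine that was set up with a different value, which the note above says must be the same across the company.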
Custom Domain SID via Custom Active Directory Attribute
- Create a Unicode string attribute named deskDirectorSID or deskDirectorGUID in Active Directory Schema.

- Associate the attribute to the domain class in the property dialogue.

- Restart the Active Directory Domain Services

- Generate an SID and set it to the custom attribute. (You can use the DeskDirector SID Test Tool for this. See above.)

- Verify the custom domain SID is being used in the CLI tool.

SID & Custom Attribute References
How to Create a Custom Attribute in Active Directory
Generate an unique X500 Object ID for AD custom attribute
SSO Login Issues
When trying to login to your portals, you may see the following error:

This happens because the "User can register application" permission is disabled in Azure Active Directory (AAD) due to corporate policies.

You will need to request an administrator to grant you permission to the application (DeskDirector). Please follow the steps outlined here to grant admin consent for the Client and Tech portals.
Other Common Login Issues
Here are some more common causes as to why users can't log in to DeskDirector.
Disabled Portal Login (ConnectWise Only)
Within the contact details in ConnectWise, there is a Disable Login option. When DeskDirector creates a contact in CW, this is left False (not ticked). However, sometimes contacts are updated by a workflow or a ConnectWise member and this is set to True (ticked). As soon as this is activated, the contact will no longer be able to log in to DeskDirector.

Password Not Working
Due to some of ConnectWise's security requirements, sometimes a user's ConnectWise password will not work when trying to log in to DeskDirector. In order to solve this, we recommend resetting the user's password. This allows the user to log in using the DeskDirector password, and avoids any future issues caused by security changes that may occur in ConnectWise.
No Tickets After Logging In
This is usually caused by having duplicate contacts in your PSA. Sometimes, DeskDirector will log the users in as the duplicate and cause them to not see their tickets or be able to submit tickets. In these cases, you must delete the duplicate contact from your PSA and then delete the duplicate contact cache from your Admin Portal. After this the user should be able to log in with no issues. If the issue persists, please contact support for more info.
Active Contact Can't Login (ConnectWise)
This happens usually due to the lack of permissions for your integration API member.
To verify you are having this issue, you can follow these steps:
- Get the missing contact's ID from ConnectWise.

- Open your Admin Portal and head to Advanced>Diagnose Entities and then select Contacts as the entity type, then enter the contact ID(s).

- If an error saying "You do not have security permission to perform this action." is returned, this means your integration API has the permission issue.
Review the permissions in the following article to ensure your permissions are configured correctly: ConnectWise Integration.