Archive for November, 2021

Unifi Cloud Key WEB UI Password doesn’t work: “Invalid username and/or password”

Attempts to logon to the Unifi Cloud-Key website for example: fails no matter if the username/password you enter is correct. Error message you get is: “Invalid Username and/or password”.

Well that stinks. hmmm how to fix. Let’s try to connect using SSH (I like to use putty.exe)

Putty to – using username and password combination that failed above worked just fine, I’m in, i can see all the commands etc. Okay that works but then the UI should work – Nope!

After hours… I mean hours of searching different communities and solutions, this was the solution to fix it. It did happen to come from a Unifi Tech – 5 years ago – which means they still haven’t fixed it in their cloud key products :(.

FROM UNIFI techs:   The issue appears to be arising from incorrect SUID account privileges on the UCK system.

This can be confirmed by sshing into the CloudKey and running the following command:

ls -l /usr/bin/sudo

This should return output similar or identical to the following if the same root cause:

-rwxr-xr-x 1 root root 106820 Jan 10 2016 /usr/bin/sudo

To resolve this and ensure that any suid issues are not causing the issue, run the following command (Recommend copy & paste):

   chmod u+s /usr/bin/sudo

Re-test logging in to the WebUI and confirm the issue is resolved. YEP that worked!

I’m posting this again so people searching for this can find it faster than searching through 13 pages of the above solution from this link:

or better:

Categories: Active Directory

Remotewebaccess VPN disconnects (Error 829)

Client told me he couldn’t access the vpn to the office.  Would connect and disconnect and or any connection would only last a few seconds before disconnecting. Event log errors include Error 829.

At first I thought it could be the server needed a reboot. Nope, wasn’t it.

Looked at the RWA certificates on the server and did notice that the one that was being used expired today. Hmmm. So I checked IIS and looked at the Bindings for the Default Website – but the server had already bound the new RWA certificate to it. Still clients couldn’t connect.

Looking further at the client event logs this is example of one of error messages:

CoId={3AE1BD1D-CF91-4B7B-A93F-7A59705A1EF5}: The user WIN10TEST\username dialed a connection named which has terminated. The reason code returned on termination is 829. All this means is a disconnected session. Great no help there.

Searched the web and found this bit of information:

The RWA certificate set in IIS is also used by Routing and Remote Access Server Configuration – not for authentication but for maintaining secure TLS connection. So even though the IIS cert was updated, RRAS console doesn’t upgrade it automatically :(.

Solution: Go to Routing and Remote Access snap-in, right-click on the properties of your router (MACHINE-NAME (local) properties in the tree-view to the left) select the Security Tab; you will be warned that there’s no TLS certificate selected (the previous has expired in my case) and select the certificate that has the next year’s expiration date – can select and then view them prior to saving. This will force a RRAS service restart. Thereafter clients can connect and remain connected :).