Hi folks, we have recently changed from Edir to AD. I have added AD into ZCM 11.2 as a user source and Domain users can log into ZCM no problem. The issue is with the passive mode login.

When a domain user logs into a box for they first time they then get a zen log in. They then need to enter their domain credentials and select the new realm from the drop down box. When they log in after that they go straight through. Their details are in the zenlgn history so there is no problems. Unfortunately this is useless in our environment as people are always logging into new machines.

We have added EnableSeamlessLogin and DefaultRealm to the registry. We have also deleted cachedzennames and realmname keys.
Nothing seems to get that first login to work without user interaction.

We turned on authentication logging an received the following.

ZENLGN [114-438] [15:40:36:694] Entered Load resource DLL
ZENLGN [114-438] [15:40:36:694] Language I got from API is: ENA
ZENLGN [114-438] [15:40:48:837] ZenLgnLoginUI entered
ZENLGN [114-438] [15:40:48:837] It would appear that we have been called from the LogonUI process (ZenNotify.dll)
ZENLGN [114-438] [15:40:48:837] CALWIN32LoadDLL called!
ZENLGN [114-438] [15:40:48:837] LoadLibrary for CALWIN32.DLL failed: 126
ZENLGN [114-438] [15:40:48:837] g_bClient32IsInstalled is FALSE
ZENLGN [114-438] [15:40:48:837] Entered Load resource DLL
ZENLGN [114-438] [15:40:48:837] Language I got from API is: ENA
ZENLGN [114-438] [15:40:48:853] pDomain_Controller_Info->DomainControllerName = mercedes.catholic.edu.au
ZENLGN [114-438] [15:40:48:853] WTSLoadDLL called!
ZENLGN [114-438] [15:40:48:853] WTSLoadDLL returning
ZENLGN [114-438] [15:40:48:853] RegQueryValueEx on value DisablePassiveModeLogin Failed: 2
ZENLGN [114-438] [15:40:48:853] CheckIfLoginAllowed Entered
ZENLGN [114-438] [15:40:48:853] Checking if this machine is an NT Server.
ZENLGN [114-438] [15:40:48:853] Professional
ZENLGN [114-438] [15:40:48:853] CheckIfLoginAllowed returning TRUE
ZENLGN [114-438] [15:40:48:853] IsWorkstationConnected entered
ZENLGN [114-438] [15:40:48:868] IsWorkstationConnected returning 0
ZENLGN [114-438] [15:40:48:868] Calling ZENGetAuthoritativeSources
ZENLGN [114-438] [15:40:48:884] ZENGetAuthoritativeSources returned
ZENLGN [114-438] [15:40:48:884] RetrieveUsersCachedZenName Entered
ZENLGN [114-438] [15:40:48:884] RetrieveUsersCachedZenName returning: 2
ZENLGN [114-438] [15:40:48:884] Passed in realm name is in the list of realms. Use it
ZENLGN [114-438] [15:40:48:884] ZenLgnAttemptWithoutPrompt Entered...
ZENLGN [114-438] [15:40:48:884] ShiftKeyOverride - shiftStatus = 0x1
ZENLGN [114-438] [15:40:48:884] LgnGetPassiveLoginRetryParameters entered
ZENLGN [114-438] [15:40:48:884] *pdwRetryCount = 0
ZENLGN [114-438] [15:40:48:884] *pdwRetryInterval = 15000
ZENLGN [114-438] [15:40:48:884] Before ZenCheckIsNMASPassword
ZENLGN [114-438] [15:40:48:884] ZenLgnLogin entered
ZENLGN [114-438] [15:40:48:884] Calling ZENIsServerAvailable
ZENLGN [114-438] [15:40:49:180] Returned from ZENIsServerAvailable
ZENLGN [114-438] [15:40:49:180] Workstation is connected
ZENLGN [114-438] [15:40:49:180] Server is Available
ZENLGN [114-438] [15:40:49:180] About to call ZENLogin in agent service
ZENLGN [114-438] [15:40:57:604] Returned from calling ZENLogin in agent service
ZENLGN [114-438] [15:40:57:604] ZenLgnLogin returning 86
ZENLGN [114-438] [15:40:57:604] ZenLgnAttemptWithoutPrompt Returning 86...
ZENLGN [114-438] [15:40:57:604] Passive Login Failed: 0x00000056
ZENLGN [114-438] [15:40:57:604] RegQueryValueEx on value DisablePassiveModeLoginPrompt Failed: 2
ZENLGN [114-438] [15:40:57:604] Launching the ZEN login dialog prompt
ZENLGN [114-438] [15:40:57:651] ZenLgnLoginInitDialog entered
ZENLGN [114-438] [15:40:57:651] Number of realms = 2
ZENLGN [114-438] [15:40:57:651] Realm Name = MERCEDES
ZENLGN [114-438] [15:40:57:651] Realm Name = mercedes.catholic.edu.au
ZENLGN [114-438] [15:40:57:651] ZenLgnLoginInitDialog returning
ZENLGN [114-438] [15:41:00:490] Received window message - WM_COMMAND - Cancel button hit.
ZENLGN [114-438] [15:41:00:490] Calling EndDialog with 1244
ZENLGN [114-438] [15:41:00:506] Window message - WM_COMMAND - Cancel button hit ending.
ZENLGN [114-438] [15:41:00:506] Received window message - WM_DESTROY
ZENLGN [114-438] [15:41:00:506] Window message - WM_DESTROY - ending
ZENLGN [114-438] [15:41:00:506] ZEN login dialog prompt returned failure - Login failed
ZENLGN [114-438] [15:41:00:506] ZenLgnLoginUI exiting: 1244

As you can see there are two realms, Mercedes and mercedes.catholic.edu.au. mercedes is the old Edir one and mercedes.catholic.edu.au is the new AD.

There is no novell client on these machines, so credentials are being passed from MS login.

Im wondering if MS login is passing the wrong realm name?

When we remove the old edir user source will ZCM default to searching the new AD realm thereby fixing this issue?

any help would be much appreciated