Error during sign in: Unknown Domain or username.
The cause of this error varies, It often shows up when trying to sign in during an enrollment or password reset attempt.
Here below is a list of some of the most common causes.
- The user account is not within the selected scope
In the Specops Authentication Gatekeeper Admin tool, check the scope settings at the Active Directory Settings tab and make sure in Active Directory that the user account Is located within the selected scopes.
- Incorrect UPN or Domain Name Protection
Make sure to specify the domain name and the user name when you sign in, like this firstname.lastname@example.org
If that doesn’t work the domain name could be wrong or the domain name hasn’t been added and verified at the Specops Authentication admin page. It can be configured at the tab Account – Domain Names.
Perhaps Domain Name Protection Is being used? It can be verified at the tab Account – Domain Names. When domain name protection is enabled, users can only sign in by using special URLs which contain an obfuscated id. These application URL’s can be found in the Gatekeeper admin tool. Note that enabling domain name protection will invalidate the application URL’s that can be found in the Gatekeeper admin tool. Anyone who uses these URL’s will have to change to the new ones. The admin console will reload the new URL’s when it is restarted.
- Incorrect URL
Compare the URL address in the browser on the client with the URL’s that can be seen at the uReset tab in the Specops Authentication Gatekeeper Admin tool. Is it the correct URL?
Usually the URL’s are pushed out to the machines by configuring our client ADMX settings in a group policy object that’s applied to the machines. Verify that the URL’s configured in the policy are correct. Sometimes we see old uReset 7 URL’s configured that hasn’t been replaced since migrating to uReset 8.
Location in Group Policy Management Editor:
Computer configuration – Policies – Administrative Templates: Policy Definitions – Specops Authentication Client – Url overrides (uReset)
- Geoblocking or Trusted Network Locations
The user Is trying to sign in from a blocked country or IP range, this is configured with our Geoblocking feature. The settings for it can be found on the Specops Authentication admin page at the Geoblocking tab.
The user Is trying to sign in with an IP address that isn’t allowed. Allowed IP addresses can be configured on the Specops Authentication admin page at the Trusted Network Locations tab.
More can be read here: https://specopssoft.com/support/en/ureset-8/trusted-network-locations.htm