16.1.0 and 16.1.1
After upgrading to 16.1.0 or 16.1.1, users who were previously able to log into TPP with their AD credentials are no longer able to log in.
Looking at the logs reveals a message similar to the following: "encountered a error preparing to connect to the directory path LDAP://(DN) error message: An invalid dn syntax has been specified."
This is due to an issue that affects 16.1.0 and 16.1.1. A field test patch is available through support, and the issue is scheduled to be fixed in 16.1.2. Versions prior to 16.1 are unaffected.
This issue affects accounts where the User CN contains a , (comma) character. You can check this from a domain controller using dsquery:
e.g. dsquery user -name stuart*
If the CN returned contains '\,' (an escaped comma), then this account is affected by the issue.
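To check every account rather than one name at a time, the following added example (not part of the original article and not Venafi code) filters dsquery output for user DNs whose CN contains an escaped comma. The function name Get-AffectedCn is hypothetical and the sample DNs are constructed for illustration.

```powershell
# Added example: flag user DNs whose CN (first RDN) contains an escaped comma.
# Get-AffectedCn is a hypothetical helper name; the sample DNs below are constructed.
function Get-AffectedCn {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string]$Line
    )
    process {
        # dsquery wraps each DN in double quotes; strip them and any padding.
        $dn = $Line.Trim().Trim('"')
        if (-not $dn) { return }

        # The first RDN ends at the first comma that is not backslash-escaped.
        # Its value is a run of escaped pairs (\x) or characters other than , and \.
        if ($dn -match '^CN=((?:\\.|[^,\\])*)') {
            $cn = $Matches[1]
            # Only the user CN is tested, as the article describes;
            # an escaped comma in an OU further along the DN is not reported.
            if ($cn -match '\\,') {
                [pscustomobject]@{ CN = $cn; DN = $dn }
            }
        }
    }
}

# Constructed sample input in the format dsquery prints.
$sample = @(
    '"CN=Smith\, Stuart,OU=Staff,DC=example,DC=com"',
    '"CN=Stuart Jones,OU=Staff,DC=example,DC=com"',
    '"CN=svc-backup,OU=Service\, Accounts,DC=example,DC=com"'
)
$sample | Get-AffectedCn

# On a domain controller, list all affected users (-limit 0 lifts the default result cap):
# dsquery user -limit 0 | Get-AffectedCn
```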
Please contact Venafi support, who are aware of the issue and can provide a fix. Alternatively, 16.1.2 will solve the issue (not released at time of publishing).