Error during data collection: 'unable to build domain cache for domain...'

book

Article ID: 156506

calendar_today

Updated On:

Products

Control Compliance Suite Windows

Issue/Introduction

During data collection in Control Compliance Suite (CCS) 11, following error is seen:unable to build domain cache for domain <domain name>

Cause

Domain admin credentials were not provided for building domain cache.

Resolution

In CCS 11 by design of the product, domain admin or equivalent credentials are required to build domain cache. Here is the explanation of why it requires domain admin privileges...

CCS performs deep scanning on Windows Assets, in which it is required to do effective membership analysis for domain users & groups. Apart from this it also reads computer and users information from the domain controller (Active Directory).
To calculate the effective group membership it requires the trusted domain information and trusted domain SID, which is read from the domain controller. 
Non domain admin user account does not have the necessary permissions to read this information from the domain and hence a domain admin account is required for this purpose.

CCS does not write anything to the active directory.


Symantec has updated the product to work around and avoid using Domain Administrator credentials. For more information see : Article URL http://www.symantec.com/docs/TECH196631(Control Compliance Suite version 11.0 with SCU 2012-3)