Joining the ProxySG to the Windows domain fails with insufficient access for user, error message.

book

Article ID: 168265

calendar_today

Updated On:

Products

Asset Management Solution ProxySG Software - SGOS

Issue/Introduction

From 6.5.4.1 onwards, while joining the SG to a Windows domain, user account needs permission to change/write userPrincipalName attribute on SG's machine account in AD. This additional requirement was introduced in 6.5.4.1 due to another related bug fix. Hence, joining the domain will fail with error message such as LW_ERROR_LDAP_INSUFFICIENT_ACCESS unless a user account with administrative privilege which can change/write userPrincipalName attribute on SG's machine account in AD, is being used.
 

Resolution

This problem is fixed in 6.5.5.7 or later where the user the account no longer needs to have administrative privilege while joining SG to the domain.
 

Workaround

Make sure that the user account used for joining the domain has administrative privilege or at least has the right to change the userPrincipalName attribute on SG's machine account in AD.