While browsing the AD users and groups as part of adding a new AD based user/group rule through VPM would result in the error "The IWA direct realm encountered an unmapped error code, contact your system administrator".
"The IWA direct realm encountered an unmapped error code, contact your system administrator".
This is not an issue with SGOS and the problem is caused by the recent Microsoft Patch KB4507460 (OS Build 14393.3085). This problem is reported with DCs running Windows Server 2016 OS with MS Patch KB4507460 installed. According to Microsoft known issues with this update, applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.” SGOS internally use NetQueryDisplayInformation API call to list the users and groups in AD and that’s why it fails.
Microsoft is working on the solution and will provide an update in an upcoming release
The details are available on Microsoft's support website: https://support.microsoft.com/en-gb/help/4507460/windows-10-update-kb4507460. Check the “Known issues in this update” section as given below.
Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.” |
We are working on a resolution and will provide an update in an upcoming release. |
There is a discussion about this issue on the MSDN forums as well: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&uact=8&ved=2ahUKEwjmprWPq-XjAhUGyFkKHV9cBOMQFjABegQIBRAB&url=https%3A%2F%2Fsocial.msdn.microsoft.com%2FForums%2Fvstudio%2Fen-US%2F0ea83483-b077-4109-bae9-d9c5223e87ca%2Fnetquerydisplayinformation-fails-on-server-2016%3Fforum%3Dvcgeneral&usg=AOvVaw0wV9cG0dfP-0qNF2nIffKw