
Error: "The IWA direct realm encountered an unmapped error code, contact your system administrator" while browsing AD users/groups through VPM.


Article ID: 175627


Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Browsing AD users and groups through VPM, as part of adding a new AD-based user/group rule, results in the error "The IWA direct realm encountered an unmapped error code, contact your system administrator".


Cause

This is not an issue with SGOS; the problem is caused by the recent Microsoft patch KB4507460 (OS Build 14393.3085). It has been reported with DCs running Windows Server 2016 with MS patch KB4507460 installed. According to Microsoft's known issues for this update, applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.” SGOS internally uses the NetQueryDisplayInformation API call to list the users and groups in AD, which is why browsing fails.

Microsoft is working on the solution and will provide an update in an upcoming release.

Resolution

This issue is resolved in MS Patch KB4516044.
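To see which domain controllers carry the update named under Cause or the one named under Resolution, the following check can be run from an administrative workstation. It is an added example, not part of the original article or vendor tooling; the host names and the function name `Get-IwaBrowseStatus` are placeholders, and a DC that lists neither KB is reported as undetermined rather than unaffected.

```powershell
# Added example (not from the article): classify DCs by the two KBs the article names.
# Host names are placeholders (assumption); replace them with your own DCs.
$DomainControllers = @('dc01.example.internal', 'dc02.example.internal')

$ProblemKb = 'KB4507460'   # update the article identifies as the cause
$FixKb     = 'KB4516044'   # update the article identifies as the resolution

function Get-IwaBrowseStatus {
    param(
        [Parameter(Mandatory)] [string] $ComputerName
    )

    try {
        # Get-HotFix reads the installed-update list from the remote host.
        $installed = @(Get-HotFix -ComputerName $ComputerName -ErrorAction Stop |
                       Select-Object -ExpandProperty HotFixID)
    }
    catch {
        # Unreachable or access denied: report it instead of guessing.
        return [pscustomobject]@{
            ComputerName = $ComputerName
            Status       = 'QueryFailed'
            Detail       = $_.Exception.Message
        }
    }

    if ($installed -contains $FixKb) {
        $status = 'Resolved'
        $detail = "$FixKb is installed"
    }
    elseif ($installed -contains $ProblemKb) {
        $status = 'Affected'
        $detail = "$ProblemKb is installed and $FixKb is not"
    }
    else {
        # Neither KB is listed; this script cannot decide from these two IDs alone.
        $status = 'Undetermined'
        $detail = "Neither $ProblemKb nor $FixKb is listed"
    }

    [pscustomobject]@{ ComputerName = $ComputerName; Status = $status; Detail = $detail }
}

$DomainControllers |
    ForEach-Object { Get-IwaBrowseStatus -ComputerName $_ } |
    Format-Table -AutoSize
```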

 

Work-around

  1. Until Microsoft fixes this problem, manually enter the AD user/group name when creating an AD user/group-based rule through VPM. Make sure that the user/group name in the policy matches exactly what is in AD.
  2. Uninstall the MS patch KB4507460 until Microsoft fixes this problem and releases a new update with the fix. Be aware of the security implications of uninstalling the MS patch KB4507460.

   The details are available on Microsoft's support website: https://support.microsoft.com/en-gb/help/4507460/windows-10-update-kb4507460. Check the “Known issues in this update” section, quoted below.

Applications and scripts that call the NetQueryDisplayInformation API or the WinNT provider equivalent may fail to return results after the first page of data, often 50 or 100 entries. When requesting additional pages you may receive the error, “1359: an internal error occurred.”

We are working on a resolution and will provide an update in an upcoming release.

There is a discussion about this issue on the MSDN forums as well: https://social.msdn.microsoft.com/Forums/vstudio/en-US/0ea83483-b077-4109-bae9-d9c5223e87ca/netquerydisplayinformation-fails-on-server-2016?forum=vcgeneral