Symantec Auth Connector application (bcca.exe) is not able to send Users or Groups to the Web Security Service (WSS) portal, returning a specific error from bcca debug log “1359: an internal error occurred”.
This is not an issue with the Auth connector, but rather a known issue with Microsoft's patch updates listed below. Please refer to each KB links below for further details regarding the known issue. In each KB link below, there is a section titled "Known issues in these updates". In this section, Microsoft mentions a known issue with the NetQueryDisplayInformation API that may fail to return results after the first page of data often 50 – 100 entries. When requesting additional pages, you may receive an error “1359: an internal error occurred”. SEE full statement below as highlighted in yellow and red. Because of this issue with NetwQueryDisplayInformation API in these updates, Symantec Auth Connector is unable to send Users or Groups to the WSS portal.
The following error message will be shown in the Event Viewer application ---> Windows Logs ---> Application log.
The other error message seen is in the Auth Connector debug log (C:\Program Files (x86)\Blue Coat Systems\BCCA\bcca-<pid>Date&Time.log
Windows 2019 after applying KB4516077
2019/09/27 08:32:22.028  user testuser34 2019/09/27 08:32:22.028  WC2MB len -1 bytes_needed 8 2019/09/27 08:32:22.028  len -1 needed 8 written 8 next_byte 1250 2019/09/27 08:32:22.028  SendUnicode: len -1 bytes_written 8 result 0x40000 payload_length 8 2019/09/27 08:32:22.028  Next index 3291 2019/09/27 08:32:22.028  [8820:8668] Admin services unexpected error.; status=31:0x1f:A device attached to the system is not functioning.
Symantec Auth Connector Version: 2.5.9300.892540
Windows Server 2016/2019 Server Standard Full Installation 64-bit
Web Security Service
This is a known issue that Microsoft has reported in the following updates and states they are working on a fix in the workaround section.
Please contact Microsoft for updates regarding a fix for the issue.
As stated in Microsoft KB's, this is a known issue and Microsoft is working on a resolution to the issue and will be providing an update on the upcoming release. Symantec auth connector uses the NetQueryDisplayInformation API for gathering user and group information, which is being affected by this issue. Please contact Microsoft for details on the fix.
Microsoft has released a fix for this issue on Windows 2016 Server and details can be found at KB4516044. Make sure to install the latest KB on the servers running the Symantec WSS Auth Connector as well as to all of the Domain Controllers communicating with the Auth Connector.
For Windows Server 2019, Microsoft has released KB4516077 which will address the first part of the issue. A second part is yet to be released to resolve the problem completely.