Unable to install Symantec Management Platform 7. Getting error in logs "Failed to configure services. Failed to add the proposed app identity account to the Symantec Administrators group"
search cancel

Unable to install Symantec Management Platform 7. Getting error in logs "Failed to configure services. Failed to add the proposed app identity account to the Symantec Administrators group"

book

Article ID: 176978

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

The installation of Symantec Management Platform (NS7) failed during initial setup. Errors occurred during the Configuration process with Symantec Installation Manager 7 (SIM7).

These are some of the errors displayed in the NS logs:

Priority: 1
Date: 7/13/2009 1:29:19 PM
Tick Count: 3252421
Host Name: ServerName
Process: w3wp (2664)
Thread ID: 1
Module: w3wp.exe
Source: Altiris.NS.Installation.NSConfigurationWebService.ConfigureServices
Description: Failed to configure services.

( Exception Details: System.Security.SecurityException: Failed to add the proposed app identity account to the Symantec Administrators group ---> Altiris.NS.Exceptions.AeXException: Failed to get the name of the local group to add to from the SID. ---> Altiris.NS.Exceptions.AeXException: Unable to retrieve the name associated with the specified identity. Identity: S-1-5-21-1932283318-831070398-3513421812-1007. Inner: Altiris.NS.Exceptions.AeXException: Unable to lookup the name of the account associated with the specified SID ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType). ---> Altiris.NS.Exceptions.AeXException: Unable to lookup the name of the account associated with the specified SID ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(Trustee trustee)
   at Altiris.NS.Security.SecurityTrusteeManager.AddMemberToLocalGroup(String groupSid, String memberSid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeManager.AddMemberToLocalGroup(String groupSid, String memberSid)
   at Altiris.NS.Utilities.AppIdentity.SetApplicationId(String sUserName, String sPassword)
   --- End of inner exception stack trace ---
   at Altiris.NS.Utilities.AppIdentity.SetApplicationId(String sUserName, String sPassword)
   at Altiris.NS.Installation.ServiceConfiguration.ConfigureServices(String username, String userpassword)
   at Altiris.NS.Installation.NSConfigurationWebService.ConfigureServices(InstallationCredential credentials, StringPair[] parameters)
The Zone of the assembly that failed was:
MyComputer )
( Exception logged from:
   at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
   at Altiris.Diagnostics.Logging.EventLog.ReportException(String strMessage, String category, Exception exception)
   at Altiris.NS.Installation.NSConfigurationWebService.ConfigureServices(InstallationCredential credentials, StringPair[] parameters)
   at System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.Web.Services.Protocols.LogicalMethodInfo.Invoke(Object target, Object[] values)
   at System.Web.Services.Protocols.WebServiceHandler.Invoke()
   at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()
   at System.Web.Services.Protocols.SyncSessionlessHandler.ProcessRequest(HttpContext context)
   at System.Web.Script.Services.ScriptHandlerFactory.HandlerWrapper.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
   at System.Web.HttpApplication.ApplicationStepManager.ResumeSteps(Exception error)
   at System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
   at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
   at System.Web.HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
   at System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
 )
( Extra Details:  Type=System.Security.SecurityException Src=Altiris.NS
  Inner Extra Details:  Type=Altiris.NS.Exceptions.AeXException Src=Altiris.NS
  Inner Extra Details:  Type=Altiris.NS.Exceptions.AeXException Src=Altiris.NS
  Inner Extra Details:  Type=Altiris.NS.Exceptions.AeXException Src=Altiris.NS
  Inner Extra Details:  Type=System.Security.Principal.IdentityNotMappedException Src=mscorlib )

*******************************************
Priority: 1
Date: 7/13/2009 1:29:19 PM
Tick Count: 3252500
Host Name: ServerName
Process: SymantecInstallationManager (2180)
Thread ID: 12
Module: SymantecInstallationManager.exe
Source: Symantec.Installation.ConfigureNS.task_Completed
Description: ConfigureNS - task_Completed(): Configuration Task Configuring services... Failed: System.Web.Services.Protocols.SoapException: Failed to add the proposed app identity account to the Symantec Administrators group ---> System.Security.SecurityException: Failed to add the proposed app identity account to the Symantec Administrators group ---> Altiris.NS.Exceptions.AeXException: Failed to get the name of the local group to add to from the SID. ---> Altiris.NS.Exceptions.AeXException: Unable to retrieve the name associated with the specified identity. Identity: S-1-5-21-1932283318-831070398-3513421812-1007. Inner: Altiris.NS.Exceptions.AeXException: Unable to lookup the name of the account associated with the specified SID ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType). ---> Altiris.NS.Exceptions.AeXException: Unable to lookup the name of the account associated with the specified SID ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(Trustee trustee)
   at Altiris.NS.Security.SecurityTrusteeManager.AddMemberToLocalGroup(String groupSid, String memberSid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeManager.AddMemberToLocalGroup(String groupSid, String memberSid)
   at Altiris.NS.Utilities.AppIdentity.SetApplicationId(String sUserName, String sPassword)
   --- End of inner exception stack trace ---
   at Altiris.NS.Utilities.AppIdentity.SetApplicationId(String sUserName, String sPassword)
   at Altiris.NS.Installation.ServiceConfiguration.ConfigureServices(String username, String userpassword)
   at Altiris.NS.Installation.NSConfigurationWebService.ConfigureServices(InstallationCredential credentials, StringPair[] parameters)
The Zone of the assembly that failed was:
MyComputer
   --- End of inner exception stack trace ---
   at Altiris.NS.Installation.NSConfigurationWebService.ConfigureServices(InstallationCredential credentials, StringPair[] parameters)
( Exception Details: System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapException: Failed to add the proposed app identity account to the Symantec Administrators group ---> System.Security.SecurityException: Failed to add the proposed app identity account to the Symantec Administrators group ---> Altiris.NS.Exceptions.AeXException: Failed to get the name of the local group to add to from the SID. ---> Altiris.NS.Exceptions.AeXException: Unable to retrieve the name associated with the specified identity. Identity: S-1-5-21-1932283318-831070398-3513421812-1007. Inner: Altiris.NS.Exceptions.AeXException: Unable to lookup the name of the account associated with the specified SID ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType). ---> Altiris.NS.Exceptions.AeXException: Unable to lookup the name of the account associated with the specified SID ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(Trustee trustee)
   at Altiris.NS.Security.SecurityTrusteeManager.AddMemberToLocalGroup(String groupSid, String memberSid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeManager.AddMemberToLocalGroup(String groupSid, String memberSid)
   at Altiris.NS.Utilities.AppIdentity.SetApplicationId(String sUserName, String sPassword)
   --- End of inner exception stack trace ---
   at Altiris.NS.Utilities.AppIdentity.SetApplicationId(String sUserName, String sPassword)
   at Altiris.NS.Installation.ServiceConfiguration.ConfigureServices(String username, String userpassword)
   at Altiris.NS.Installation.NSConfigurationWebService.ConfigureServices(InstallationCredential credentials, StringPair[] parameters)
The Zone of the assembly that failed was:
MyComputer
   --- End of inner exception stack trace ---
   at Altiris.NS.Installation.NSConfigurationWebService.ConfigureServices(InstallationCredential credentials, StringPair[] parameters)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
   at System.Web.Services.Protocols.SoapHttpClientProtocol.EndInvoke(IAsyncResult asyncResult)
   at Altiris.NS.Installation.NSConfigurationWebServiceProxy.EndConfigureServices(IAsyncResult asyncResult) in C:\Documents and Settings\Administrator\Desktop\Source\SIM_7_0\SIM\SIM\NSConfiguration\NSConfigurationWebServiceProxy.cs:line 72
   at Symantec.Installation.ServicesTask.EndAsync(IAsyncResult result) in C:\Documents and Settings\Administrator\Desktop\Source\SIM_7_0\SIM\SIM\NSConfiguration\ServicesTask.cs:line 57 )
( Exception logged from:
   at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
   at Altiris.Diagnostics.Logging.EventLog.ReportException(String strMessage, Exception exception)
   at Symantec.Installation.ConfigureNS.task_Completed(Object sender, CompletedEventArgs e)
   at Symantec.Installation.Task.OnCompleted(Exception ex)
   at Symantec.Installation.ServicesTask.EndAsync(IAsyncResult result)
   at System.Web.Services.Protocols.WebClientAsyncResult.Complete()
   at System.Web.Services.Protocols.WebClientProtocol.ProcessAsyncResponseStreamResult(WebClientAsyncResult client, IAsyncResult asyncResult)
   at System.Web.Services.Protocols.WebClientProtocol.ReadAsyncResponseStream(WebClientAsyncResult client)
   at System.Web.Services.Protocols.WebClientProtocol.ReadAsyncResponse(WebClientAsyncResult client)
   at System.Web.Services.Protocols.WebClientProtocol.GetResponseAsyncCallback(IAsyncResult asyncResult)
   at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
   at System.Net.ContextAwareResult.CompleteCallback(Object state)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.ContextAwareResult.Complete(IntPtr userToken)
   at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
   at System.Net.HttpWebRequest.ProcessResponse()
   at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
   at System.Net.HttpWebRequest.SetAndOrProcessResponse(Object responseOrException)
   at System.Net.ConnectionReturnResult.SetResponses(ConnectionReturnResult returnResult)
   at System.Net.Connection.ReadComplete(Int32 bytesRead, WebExceptionStatus errorStatus)
   at System.Net.Connection.ReadCallback(IAsyncResult asyncResult)
   at System.Net.Connection.ReadCallbackWrapper(IAsyncResult asyncResult)
   at System.Net.LazyAsyncResult.Complete(IntPtr userToken)
   at System.Net.ContextAwareResult.Complete(IntPtr userToken)
   at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result, IntPtr userToken)
   at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
   at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
 )
( Extra Details:  Type=System.Web.Services.Protocols.SoapException Src=System.Web.Services
SOAP Exception detail = System.Security.SecurityException: Failed to add the proposed app identity account to the Symantec Administrators group ---> Altiris.NS.Exceptions.AeXException: Failed to get the name of the local group to add to from the SID. ---> Altiris.NS.Exceptions.AeXException: Unable to retrieve the name associated with the specified identity. Identity: S-1-5-21-1932283318-831070398-3513421812-1007. Inner: Altiris.NS.Exceptions.AeXException: Unable to lookup the name of the account associated with the specified SID ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType). ---> Altiris.NS.Exceptions.AeXException: Unable to lookup the name of the account associated with the specified SID ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated.
   at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeProvider.LookupNameFromSid(String scope, String sid)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(String scope, String trusteeIdentity, Int32 trusteeType)
   at Altiris.NS.Security.SecurityTrusteeManager.GetName(Trustee trustee)
   at Altiris.NS.Security.SecurityTrusteeManager.AddMemberToLocalGroup(String groupSid, String memberSid)
   --- End of inner exception stack trace ---
   at Altiris.NS.Security.SecurityTrusteeManager.AddMemberToLocalGroup(String groupSid, String memberSid)
   at Altiris.NS.Utilities.AppIdentity.SetApplicationId(String sUserName, String sPassword)
   --- End of inner exception stack trace ---
   at Altiris.NS.Utilities.AppIdentity.SetApplicationId(String sUserName, String sPassword)
   at Altiris.NS.Installation.ServiceConfiguration.ConfigureServices(String username, String userpassword)
   at Altiris.NS.Installation.NSConfigurationWebService.ConfigureServices(InstallationCredential credentials, StringPair[] parameters)
The Zone of the assembly that failed was:
MyComputer )
 
******************
Priority: 1
Date: 7/13/2009 1:29:24 PM
Tick Count: 3258109
Host Name: ServerName
Process: AeXSvc (1104)
Thread ID: 28
Module: AeXSVC.exe
Source: Altiris.NS.Licensing.LicensingPolicyEventProcessor.OnTimerCallback
Description: Unexpected failure during LicensingPolicyEventManager.Collect timer callback call.
( Exception Details: Altiris.NS.Exceptions.AeXUnauthorizedAccessException: The current user does not have required permission 'read' to load item 'Software Management SP1 KB43875 '.
   at Altiris.NS.ItemManagement.Item.RaiseItemLoadFlagsSecurityException(String message)
   at Altiris.NS.ItemManagement.Item.CheckCanGetItem(IItem item, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItemInternal(Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid, IEnumerable`1 accessPermissions, ItemLoadFlags itemLoadFlags)
   at Altiris.NS.ItemManagement.Item.GetItem[T](Guid itemGuid)
   at Altiris.NS.ItemManagement.Item.GetItem(Guid itemGuid)
   at Altiris.NS.Licensing.LicensingPolicy.InitializeCore()
   at Altiris.NS.Licensing.LicensingPolicy.ReInitialize()
   at Altiris.NS.Licensing.LicensingPolicyEventProcessor.Collect()
   at Altiris.NS.Licensing.LicensingPolicyEventProcessor.OnTimerCallback(Object state) )
( Exception logged from:
   at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
   at Altiris.Diagnostics.Logging.EventLog.ReportException(String strMessage, String category, Exception exception)
   at Altiris.NS.Licensing.LicensingPolicyEventProcessor.OnTimerCallback(Object state)
   at Altiris.Common.Threading.LocalTimer.InvokeCallback()
   at Altiris.Common.Threading.LocalTimer.InvokeCallbackAsync(Object state)
   at Altiris.Common.Threading.LocalThreadPool.ExecuteUserWorkItem(UserWorkItem workItem)
   at Altiris.NS.Threading.NSThreadPool.ExecuteUserWorkItem(UserWorkItem workItem)
   at Altiris.Common.Threading.LocalThreadPool.ExecuteUserWorkItemInContext(UserWorkItem workItem)
   at Altiris.Common.Threading.LocalThreadPool.ThreadPoolProc(Object threadStartParameter)
   at System.Threading.ThreadHelper.ThreadStart(Object obj)
 )
( Extra Details:  Type=Altiris.NS.Exceptions.AeXUnauthorizedAccessException Src=Altiris.NS )


 

Cause

Unknown. According to the error messages, the issue was coming for processes that were in charge of .NET 2.0. It was not able to translate the SID to a valid name or compare the rights of the account been added to the Symantec Administrators group.

Resolution

Case 1:
In this case even though the AppID account used actually appeared under the Symantec Administrators group, the installation was failing. Even though you removed and added back the account to the Symantec Administrators group or even recreated the Symantec Administrators group manually, the issue persisted. Multiple uninstalls and reinstalls were done but the issue persisted.

In this particular case the issue was resolved by installing SIM 7.0.420 and NS 7.0 SP2. The installation went without problems and the original errors were not present.

Case 2:
In another instance of this issue, we found out that the customer created a new NS in a different box but still pointing to the original database. The SIDs from one box to another were differnet causing this issue. The Symantec Administrators SID were different and since the database had still the previous SID, it was causing the failure during the installation when both SIDs were compared.
In this particular case, we created a new database and then we used KB 2296 "Procedure to move from an existing Notification Server to a new one" in order to transfer the SIDs from one database to another.

If you still have issues, then try the following:
  1. This query should show you the SIDs that are associated in the Altiris database:

    select sr.name, st.* from securitytrustee st
    left join securityrole sr
    on sr.trusteeguid = st.guid
    order by trusteeid
  2. Go to the command prompt and run whoami /all in order to find the SIDs on the system. It should return multiple lines showing something like this:

    ServerName\Symantec Administrators     Alias    S-1-5-21-1205636475-1297116057-3824750324-1011 Mandatory group, Enabled by default, Enabled group

    Note: S-1-5-21-1205636475-1297116057-3824750324-1011 is used as an example.
    Note: If you are not able to see the SIDs for one of the Security Roles, you may need to use a third-party tool such as 'psgetsid' from sysinternals.
  3. Compare the group SID on the database with the group SID on the server. In case that those are different, then you can run the following query to update the right values. Note: make sure that you have a copy of your database before updating these entries manually. Make sure that you copy the GUID for the Symantec Administrator role, for example, on the database and updated the SID from what 'whoami /all' returned:

    update
    securitytrustee
    set trustee = 'S-1-5-21-1205636475-1297116057-3824750324-1011'     --Symantec Administrators group SID goes here from results for 'whoami /all'
    where guid = '385A3986-1C08-4FDB-9C75-F13DC8E49C07' --GUID for the Symantec Administrators role goes here

  4. If you find out that the other Security roles are giving an error when you try to see the privileges on them, then follow steps 1–3 making sure that you have the right SIDs on the database.

 


Applies To
Symantec Management Platform 7.0 SP1 and above
Symantec Installation Manager 7.0.357 and above

Powered by Wolken Software