6fb error in smaccess
search cancel

6fb error in smaccess


Article ID: 192832


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER



We're running a Policy Server and this one receives a 6fb error code from
communication with Active Directory LDAP User Store :

smaccess.log :

  2 2020-05-04 15:35:24 AuthReject myagent
  cn=jsmith,OU=users,DC=training,DC=com GET
  /myapp/mypage.html [] [0] 8009030C: LdapErr:
  DSID-0C09042F, comment: AcceptSecurityContext error, data 6fb, v2580
  [] []

How can we solve this ?




Policy Server all versions;




At first glance, this error code comes from the Active Directory.

You can check it by running a Windows command on the PC which runs the
browser :

  Windows .NET Server 2003 Domains & Active Directory

      c:\> nltest /query


    If an administrator has disabled the domain computer account, NLTest
    reports :

      I_NetLogonControl failed: Status = 1787 0x6fb ERROR_NO_TRUST_SAM_ACCOUNT


This error code is reported without SiteMinder involved :

ERROR_EAS_NOT_SUPPORTED 282 (0x11A) - Windows Error Information

   ERROR_NO_TRUST_SAM_ACCOUNT 1787 (0X6FB) means: The security
   database on the server does not have a computer account for this
   workstation trust relationship.


1787 error_no_Trust_sam_account

  Basically this means the computer account for
  the BDC on the domain is missing


Erorr: "Your password change operation has failed. Failed. 1787" when changing a WinAD users password (259259)

  This issue occurs when the external authentication settings for
  WinAD config is set to a Domain Name (For example: yourdomain.com)
  rather than a specific Domain Controller FQDN or IP address (For
  example: dc.yourdomain.com)


So said, this issue is outside our SiteMinder Product. The issue is
with the computers involved in the transactions and their relationship
with the Windows Domain they belong.