6fb error in smaccess

book

Article ID: 192832

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

 

We're running a Policy Server and this one receives a 6fb error code from
communication with Active Directory LDAP User Store :

smaccess.log :

  2 2020-05-04 15:35:24 AuthReject myagent 10.0.0.1
  cn=jsmith,OU=users,DC=training,DC=com GET
  /myapp/mypage.html [] [0] 8009030C: LdapErr:
  DSID-0C09042F, comment: AcceptSecurityContext error, data 6fb, v2580
  [] []

How can we solve this ?

 

Environment

 

Policy Server all versions;

 

Resolution

 

At first glance, this error code comes from the Active Directory.

You can check it by running a Windows command on the PC which runs the
browser :

  Windows .NET Server 2003 Domains & Active Directory

      c:\> nltest /query

      [...]

    If an administrator has disabled the domain computer account, NLTest
    reports :

      I_NetLogonControl failed: Status = 1787 0x6fb ERROR_NO_TRUST_SAM_ACCOUNT

  https://books.google.es/books?id=TJzVAwAAQBAJ&pg=PA252&lpg=PA252&dq=active+directory+%221787%22&source=bl&ots=Klxo9xVMAe&sig=ACfU3U0YzFk3RqeUzSeJAJa2qtfqwQA42Q&hl=en&sa=X&ved=2ahUKEwjfuu76p7PpAhXNjqQKHekOBmIQ6AEwBHoECAoQAQ#v=onepage&q=active%20directory%20%221787%22&f=false

This error code is reported without SiteMinder involved :

ERROR_EAS_NOT_SUPPORTED 282 (0x11A) - Windows Error Information

   ERROR_NO_TRUST_SAM_ACCOUNT 1787 (0X6FB) means: The security
   database on the server does not have a computer account for this
   workstation trust relationship.

http://blog.iobit.com/error_no_trust_sam_account-1787-0x6fb_2160.html

1787 error_no_Trust_sam_account

  Basically this means the computer account for
  the BDC on the domain is missing

https://microsoft.public.windowsnt.domain.narkive.com/dn2lO2xb/1787-error-no-trust-sam-account

Erorr: "Your password change operation has failed. Failed. 1787" when changing a WinAD users password (259259)

  This issue occurs when the external authentication settings for
  WinAD config is set to a Domain Name (For example: yourdomain.com)
  rather than a specific Domain Controller FQDN or IP address (For
  example: dc.yourdomain.com)

https://support.oneidentity.com/es-es/kb/259259/erorr-your-password-change-operation-has-failed-failed-1787-when-changing-a-winad-users-password

So said, this issue is outside our SiteMinder Product. The issue is
with the computers involved in the transactions and their relationship
with the Windows Domain they belong.