In Security Profiles when trying to add a new group (from AD or winnt directory) Access Denied dialog box appears :
Client
Client Automation - All Versions
Put GUI in trace detail with this command :
cftrace -c set -l DETAIL -s 30000 -f CF -pp GUI
Reproduce the error message and check the logs DSM\logs\TRC_GUI*.log to have more details about the problem.
Example :
GUI |GetDomainControl|GetDomainControllerN|000000|INFO | GetDomainController - found domain controller \\DMCTRL1
GUI |cfspannt |cfspannt |000000|DETAIL | CCFSecAuthorityBrowser::GetFirstInternal : Using server name DMCTRL1
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetFirstInternal : API Exit - RC(0x00000000)
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : API Entry
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : called with GetUserName = svcitcmp
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : >> NetLocalGroupEnum server_name=<DMCTRL1>
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : returned 0 objects. Last O/S error 1722
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : API Exit - RC(0x00000010)
GUI |cmDirProvNT |cmDirProvNT |000000|WARNING| cmDirProvNT: GetLocalGroups - failed to get local groups, nRc=0
In this example communication with Domain Controller DMCTRL1 fails with OS Error 1722 (The RPC server is unavailable)
Check if ping to Domain Controller is working fine. It could be caused by a DNS resolution name problem.
In TCP/IP v4 properties of Network adapter connections, under DNS tab the array "Append these DNS suffixes" may be filled with some DNS suffixes.