Client Automation - Add Security Profiles Access Denied
Article ID: 193843
Updated On:
Products
CA Client Automation - IT Client Manager
CA Client Automation
Issue/Introduction
In Security Profiles when trying to add a new group (from AD or winnt directory) Access Denied dialog box appears :
Client
Environment
Client Automation - All Versions
Cause
This error could be cause by a communication problem with Domain Controller.
Resolution
Put GUI in trace detail with this command :
cftrace -c set -l DETAIL -s 30000 -f CF -pp GUI
Reproduce the error message and check the logs DSM\logs\TRC_GUI*.log to have more details about the problem.
Example :
GUI |GetDomainControl|GetDomainControllerN|000000|INFO | GetDomainController - found domain controller \\DMCTRL1
GUI |cfspannt |cfspannt |000000|DETAIL | CCFSecAuthorityBrowser::GetFirstInternal : Using server name DMCTRL1
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetFirstInternal : API Exit - RC(0x00000000)
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : API Entry
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : called with GetUserName = svcitcmp
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : >> NetLocalGroupEnum server_name=<DMCTRL1>
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : returned 0 objects. Last O/S error 1722
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : API Exit - RC(0x00000010)
GUI |cmDirProvNT |cmDirProvNT |000000|WARNING| cmDirProvNT: GetLocalGroups - failed to get local groups, nRc=0
In this example communication with Domain Controller DMCTRL1 fails with OS Error 1722 (The RPC server is unavailable)
Check if ping to Domain Controller is working fine. It could be caused by a DNS resolution name problem.
In TCP/IP v4 properties of Network adapter connections, under DNS tab the array "Append these DNS suffixes" may be filled with some DNS suffixes.
Feedback
Yes
No
Powered by
