Client Automation - Add Security Profiles Access Denied
search cancel

Client Automation - Add Security Profiles Access Denied


Article ID: 193843


Updated On:


CA Client Automation - IT Client Manager CA Client Automation


In Security Profiles when trying to add a new group (from AD or winnt directory) Access Denied dialog box appears :




Client Automation - All Versions



This error could be cause by a communication problem with Domain Controller.


Put GUI in trace detail with this command :

cftrace -c set -l DETAIL -s 30000 -f CF -pp GUI


Reproduce the error message and check the logs DSM\logs\TRC_GUI*.log to have more details about the problem.


Example :

GUI |GetDomainControl|GetDomainControllerN|000000|INFO | GetDomainController - found domain controller \\DMCTRL1
GUI |cfspannt |cfspannt |000000|DETAIL | CCFSecAuthorityBrowser::GetFirstInternal : Using server name DMCTRL1
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetFirstInternal : API Exit - RC(0x00000000)
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : API Entry
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : called with GetUserName = svcitcmp
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : >> NetLocalGroupEnum server_name=<DMCTRL1>
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : returned 0 objects. Last O/S error 1722
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : API Exit - RC(0x00000010)
GUI |cmDirProvNT |cmDirProvNT |000000|WARNING| cmDirProvNT: GetLocalGroups - failed to get local groups, nRc=0


In this example communication with Domain Controller DMCTRL1 fails with OS Error 1722 (The RPC server is unavailable)

Check if ping to Domain Controller is working fine. It could be caused by a DNS resolution name problem.


In TCP/IP v4 properties of Network adapter connections, under DNS tab the array "Append these DNS suffixes" may be filled with some DNS suffixes.