Client Automation - Add Security Profiles Access Denied

book

Article ID: 193843

calendar_today

Updated On:

Products

CA Client Automation - IT Client Manager CA Client Automation

Issue/Introduction

In Security Profiles when trying to add a new group (from AD or winnt directory) Access Denied dialog box appears :

Client

 

Cause

This error could be cause by a communication problem with Domain Controller.
 

Environment

Client Automation - All Versions

 

Resolution

Put GUI in trace detail with this command :

cftrace -c set -l DETAIL -s 30000 -f CF -pp GUI

 

Reproduce the error message and check the logs DSM\logs\TRC_GUI*.log to have more details about the problem.

 

Example :

GUI |GetDomainControl|GetDomainControllerN|000000|INFO | GetDomainController - found domain controller \\DMCTRL1
GUI |cfspannt |cfspannt |000000|DETAIL | CCFSecAuthorityBrowser::GetFirstInternal : Using server name DMCTRL1
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetFirstInternal : API Exit - RC(0x00000000)
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : API Entry
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : called with GetUserName = svcitcmp
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : >> NetLocalGroupEnum server_name=<DMCTRL1>
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : returned 0 objects. Last O/S error 1722
GUI |cfspannt |cfspannt |000000|INFO | CCFSecAuthorityBrowser::GetGroupsNext : API Exit - RC(0x00000010)
GUI |cmDirProvNT |cmDirProvNT |000000|WARNING| cmDirProvNT: GetLocalGroups - failed to get local groups, nRc=0

 

In this example communication with Domain Controller DMCTRL1 fails with OS Error 1722 (The RPC server is unavailable)

Check if ping to Domain Controller is working fine. It could be caused by a DNS resolution name problem.

 

In TCP/IP v4 properties of Network adapter connections, under DNS tab the array "Append these DNS suffixes" may be filled with some DNS suffixes.

 

Attachments