Errors when configuring Aria Automation Orchestrator Active Directory plugin with Protected user accounts
search cancel

Errors when configuring Aria Automation Orchestrator Active Directory plugin with Protected user accounts

book

Article ID: 314884

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
  • Ldap errors when configuring Aria Automation Orchestrator Active Directory plugin with Protected user accounts.
  • The /services-logs/prelude/vco-app/file-logs/vco-server-app.log contains errors similar to:

com.vmware.o11n.plugin.ad.model.AdHost - LDAP Server returned error:80090308: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52f, v4563^@
com.unboundid.ldap.sdk.LDAPBindException: 80090308: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52f, v4563^@


Environment

VMware Aria Automation Orchestrator 8.x

Cause

The restrictions enforced by membership of the Protected Users Security Group are not compatible with the Aria Automation Orchestrator Active Directory plugin.

Resolution

To resolve the issue ensure that the user configured for shared session authentication for the Active Directory plugin is excluded from the Protected Users Security Group.

If the Active Directory plugin is not configured for shared session authentication and is instead leveraging session per user authentication then each potential Active Directory plugin user will need to be excluded from the Protected Users Security Group.


Additional Information

For additional information on Protected Users Security group see the official Microsoft documentation.

Powered by Wolken Software