[YYYY-MM-DD TT:TT:TT.TTT+0000] ["ScheduledQueryServiceScheduler-thread-3"/X.X.X.X ERROR] [com.vmware.loginsight.scheduled.ScheduledQueryService] [Could not run query for alert]
com.vmware.loginsight.rbac.RBACException: User [username] not found in domain <domain_name>.
at com.vmware.loginsight.aaa.krb5.ActiveDirectoryQueryHelper.queryUserGroups(ActiveDirectoryQueryHelper.java:1042) ~[auth-lib.jar:?]
at com.vmware.loginsight.database.dao.RBACUserDO.loadDirectoryGroups(RBACUserDO.java:172) ~[database-lib-li.jar:?]
at com.vmware.loginsight.database.dao.RBACUserDO.loadDirectoryGroups(RBACUserDO.java:146) ~[database-lib-li.jar:?]
at com.vmware.loginsight.rbac.RBACUser.getDirectoryGroups(RBACUser.java:198) ~[commons-lib.jar:?]
at com.vmware.loginsight.rbac.RBACUser.getGroups(RBACUser.java:182) ~[commons-lib.jar:?]
at com.vmware.loginsight.rbac.RBACUser.getEffectiveDataSets(RBACUser.java:389) ~[commons-lib.jar:?]
at com.vmware.loginsight.scheduled.ScheduledQuerySearch.constrainSearchToUser(ScheduledQuerySearch.java:625) ~[scheduled-services.jar:?]
at com.vmware.loginsight.scheduled.ScheduledQuerySearch.doSearch(ScheduledQuerySearch.java:577) ~[scheduled-services.jar:?]
at com.vmware.loginsight.scheduled.ScheduledQuerySearch.searchGroupByQuery(ScheduledQuerySearch.java:400) ~[scheduled-services.jar:?]
at com.vmware.loginsight.scheduled.ScheduledQuerySearch.alertSearch(ScheduledQuerySearch.java:173) ~[scheduled-services.jar:?]
at com.vmware.loginsight.scheduled.ScheduledQuerySearch.alertSearch(ScheduledQuerySearch.java:132) ~[scheduled-services.jar:?]
at com.vmware.loginsight.scheduled.ScheduledQueryService.searchAndRaiseAlertIfNeeded(ScheduledQueryService.java:211) [scheduled-services.jar:?]
at com.vmware.loginsight.scheduled.ScheduledQueryService$ScheduledQueryServiceImpl$1.run(ScheduledQueryService.java:650) [scheduled-services.jar:?]
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [?:?]
at java.util.concurrent.FutureTask.run(Unknown Source) [?:?]
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) [?:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
at java.lang.Thread.run(Unknown Source) [?:?]
Caused by: com.vmware.loginsight.aaa.AuthenticationFailedException: User [username] not found in domain msc.internal.
at com.vmware.loginsight.aaa.krb5.ActiveDirectoryQueryHelper.getUser(ActiveDirectoryQueryHelper.java:142) ~[auth-lib.jar:?]
at com.vmware.loginsight.aaa.krb5.ActiveDirectoryQueryHelper.getUser(ActiveDirectoryQueryHelper.java:126) ~[auth-lib.jar:?]
at com.vmware.loginsight.aaa.krb5.ActiveDirectoryQueryHelper.queryUserGroups(ActiveDirectoryQueryHelper.java:1040) ~[auth-lib.jar:?]
... 18 more
[YYYY-MM-DD TT:TT:TT.TTT+0000] ["ScheduledQueryServiceScheduler-thread-2"/X.X.X.X ERROR] [com.vmware.loginsight.scheduled.ScheduledQueryService] [Could not run query for alert]
com.vmware.loginsight.rbac.RBACException: Cannot load Directory groups without configuration.
at com.vmware.loginsight.database.dao.RBACUserDO.loadDirectoryGroups(RBACUserDO.java:179) ~[database-lib-li.jar:?]
Aria Operations for Logs 8.18.x
This issue is encountered if the alerts were created via users imported from Active Directory and if the users were deleted or if the Active Directory configuration was removed.
Duplicate the alerts using local admin or any valid user and the alert notifications will trigger as expected.
Refer Define an Alert documentation to create the alert as required.