Hi guys,
I nested AD groups inside of the LANDesk Management Suite group and I'm getting a "Domain\User is not a member of the LANDesk® Management Suite Group. (User Authentication Error -500)". From my understanding, if I changed the COM+ objects to a domain account, LANDesk will be able to enumerate group membership. It seems to work for the Web console but not for the 32-bit. I dragged the AD groups into the Active Directory section under Users as well.
Am I missing a step?
Thanks in advance!
Are your users logging on to the console with the full "domain\username" syntax?
yes. All users are using domain\user
Have you logged into the console, gone to Tools - Administration - Users - All Users and clicked the refresh button?
This did not fix the problem.. It's beginning to become a big issue, a lot of users are calling up with the same error. As soon as we drop their individual accounts into the group it works fine.. Any other ideas?
Global or Local security group? I know with 8.6 we had some problems whereby Landesk refused to enumerate any members of Local groups but was quite happy with Global ones.
All of my groups are global Security groups.. Should they be distribution?
I opened the uservalidatorerrlog.txt and I noticed the following:
GetGroupUsers() : NetGroupGetUsers failed with an ERROR_LOGON_FAILURE code. IIS may not have permission to query the domain for group information.
The web console works fine and the COM+ object is configured with a domain account...?
Simple but crucial item to check - have you ensured that the COM+ credentials are not locked out and/or the pw is entered correctly? I say this only because I've seen this happen before, e.g., the account's password was modified and nobody told the LANDesk admin.
The account is not locked out and the password is set to never expire. It was not changed. Thanks anyways..
Really the only answer is that the Com+ objects have to run as a user that can enumerate the groups in a domain.
I have often seen the change to a username not work until after a reboot even though I stopped and started the objects. You probably already rebooted though.
It looks like you are doing things right and if those Com+ objects are correct, the Domain\User and password are correct and working, and a reboot didn't fix it, then you have done nothing wrong at all. It is probably something like a poorly registered .NET Framework or a problem with the Core Server's domain membership.
Again, you are doing it right, it should be working.
Yah.. It just does not make any sense.. We rebooted.. I did not re-register .NET but what's the odds of it being broken on 5 cores.. Does the COM object cache any credentials? I'll try and remove the COM object credentials, reboot and re-add them..
Looks like you are doing everything correct. I have to ask <grin>, have you changed the credentials on both COM+ objects? Also just to be sure it is not an account issue (some weird GPO restriction), change the credentials to your username and password, just for S&Gs.
what's the odds of it being broken on 5 cores..
Exactly.
I just changed the COM+ user's password, changed it on all of the cores and rebooted.. Still the same issue. Why would the error log state that IIS does not have permission? Could permissions on IIS be hosed? What's the process the console uses to enumerate the NT group? Does it have anything to do with the AppPool credentials? It's Local Service..?
