LDMS 9.0 SP2 - Console Login Error: You have insufficient rights to launch the console. Validate that you have been assigned a role or that you belong to a group that has been assigned a role.

Version 3

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 2016.x

    Description

    After SP2 has been installed on the LDMS 9.0 core server, the following error appears when you try to log into the console on the core server

     

    You have insufficient rights to launch the console. Validate that you have been assigned a role or that you belong to a group that has been assigned a role.

     

    Cause

    The reason why the above error occurs is that the tables that should  contain LANDesk rights are empty. Therefore there is no association  between users and their LANDesk rights. This problem is caused partly  due to SQL server using dynamic port rather than its default port 1433  and partly by the application CreateLANDeskRights.exe not being able to  connect to the SQL server on dynamic port. During SP2 installation  CreateLANDeskRights.exe will run and populate the following tables with  LANDesk rights

     

    - Permission

    - PermissionDefinition

    - PermissionDefinitionRight

    - PermissionGroup

    - PermissionRight

    Resolution

    To resolve this issue please follow below steps

     

    1. Open LANDesk Configure Services from Start > All Programs > LANDesk > LANDesk Configure Services

    2. On the General tab enter the SQL server or instance port ( SQL_Server, port_number ), i.e. LDMS9ENU, 2594

    3. Click Apply and OK

     

    Following the steps above you now should be able to log in as a user that is member of the following local security groups on the core server

     

    - LANDesk Administrator

    - LANDesk Management Suite

     

    All the previous user settings such as rights, scopes and groups will have to be recreated.

     

    Another cause for this error message could be the MBSDK web service is enabled with Anonymous access. It should be Windows Authentication only.