User is in a nested Active Directory Security Group - Global group with default LANDeskComPlus identity

Version 1

    Description

     

    User is in a nested Active Directory Security Group - Global group with default LANDeskComPlus identity.

     

     

    Unable to validate the current user with the database.

     

    Troubleshooting

    1. Enabling logging by adding a registry key to the Core Server: HKLM\Software\LANDesk\ManagementSuite\Core Type: DWORD Name: LogEvents Value: 1
    2. Try to log into the Web Console again.
    3. Look at event logs. 4/29/2008 4:59:21 PM LANDesk Abstraction Layer Information None 0 N/A LD88 "The description for Event ID ( 0 ) in Source ( LANDesk Abstraction Layer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Checking to see if Domain\user is a LANDesk Software user on LD88 based on group membership. Domain\user is not a LANDesk Software user. ERROR on 4/29/2008 4:59:21 PM with user Domain\user, and core LD88: GetGroupUsers() : NetGroupGetUsers failed with an ERROR_LOGON_FAILURE code. IIS may not have permission to query the domain for group information. ERROR on 4/29/2008 4:59:21 PM with user Domain\user, and core LD88: GetGroupUsers() : NetGroupGetUsers failed with an ERROR_LOGON_FAILURE code. IIS may not have permission to query the domain for group information.

     

    ."

     

    4/29/2008     4:59:21 PM     LANDesk Abstraction Layer     Information     None     0     N/A     LD88     The description for Event ID ( 0 ) in Source ( LANDesk Abstraction Layer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: User Domain\user was not found on the local core LD88.  Checking the domain controller....

     

    4/29/2008     4:59:21 PM     LANDesk Abstraction Layer     Information     None     0     N/A     LD88     The description for Event ID ( 0 ) in Source ( LANDesk Abstraction Layer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Found local groups.

     

    4/29/2008     4:59:21 PM     LANDesk Abstraction Layer     Information     None     0     N/A     LD88     The description for Event ID ( 0 ) in Source ( LANDesk Abstraction Layer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Checking local groups.

     

    4/29/2008     4:59:21 PM     LANDesk Abstraction Layer     Information     None     0     N/A     LD88     The description for Event ID ( 0 ) in Source ( LANDesk Abstraction Layer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: User: Domain\user.

     

    4/29/2008     4:59:21 PM     LANDesk Abstraction Layer     Information     None     0     N/A     LD88     The description for Event ID ( 0 ) in Source ( LANDesk Abstraction Layer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Starting to validate the user.

     

    Cause

    The default LANDeskComPlus user is a local user to the Core Server and is not a domain user.  It does not have rights to enumerate nested groups in Active Directory, so it is unable to locate users in nested groups.

     

    Resolution

    Configure the identity of the LANDesk1 COM+ Application to be a user in Active Directory.  This user must also be a member of the LANDesk Management Suite group on the Core Server.