Unable to log into the console or a user cannot perform an action when they have the rights to do so

Version 2

    Verified Product Versions

    Endpoint Manager 9.6Endpoint Manager 2016.x

    Description: In some cases users with the correct role/rights are unable to log into the console or perform the action they should have the rights to do.

     

    Cause: The database or data was sync'd from another core and the SID's on the local groups LANDesk Administrators and LANDesk Management Suite are incorrect in the database. The utility compares the SID's and if they are different then the utility attempts to add new rows which errors as the name must be unique.

     

    Resolution:

     

    To test this issue:

    1- Run C:\Program Files\LANDesk\ManagementSuite\CreateLANDeskRights.exe

    2- Analyze the log for the executable in the C:\Program Files\LANDesk\ManagementSuite\Log folder. If the log contains something similar to the error below then the SID's do not match and needs to be corrected.

     

    Violation of UNIQUE KEY constraint 'UQ_ConsoleUser'. Cannot insert duplicate key in object 'dbo.ConsoleUser'. The duplicate key value is (LDCORE4\LANDesk Administrators).

    The statement has been terminated. retry count exceeded(10)

     

    To fix this issue:

     

    1- Add the currently logged in user to the LANDesk Administrators and LANDesk Management Suite local groups if they are not a member already. This can be temporary.

    2- Open an Administrators Command Prompt and run "whoami /groups | more". See example below:

     

    Console1.png

     

    3- The command in step 2 will display the SID's on this core for the local groups. Write these down. The SID starts with S-1...etc.

    4- Connect to the database for this core.

    5- Run "SELECT * FROM CONSOLEUSER". This will display the current users and groups in the database. Look for the rows that match the LANDesk Administrators and LANDesk Management Suite groups. See if the SID in the database matches what you wrote down. If it doesn't go on to step 6. Example below:

     

    Console2.png

     

    Console3.png

     

    6- Run UPDATE CONSOLEUSER SET ObjectSid = 'replace this comment with the sid you copied in step 3 for the LANDesk Administrators group' WHERE UserName LIKE '%LANDesk Administrators'

    7- Run UPDATE CONSOLEUSER SET ObjectSid = 'replace this comment with the sid you copied in step 3 for the LANDesk Management Suite group' WHERE UserName LIKE '%LANDesk Management Suite'

    8- Open an administrators command prompt on the LANDesk Core. Run "C:\Program Files\LANDesk\ManagementSuite\CreateLANDeskRights.exe". Make sure the log as before no longer contains an error.

    9- Open an administrators command prompt on the LANDesk Core. Run "C:\Program Files\LANDesk\ManagementSuite\ResolveUserGroups.exe".