Authenticating with Active Directory
Nash9991
Posts: 3
Hi,
I have configured SQL Monitor (v 5.2.3.3831) to use AD Authentication successfully based on the documentation(http://documentation.red-gate.com/displ ... +Directory).
AD users are successfully added but cannot log on.
Below error is whats been returned every time a user tries to log on:
RpcNoResultException: System.DirectoryServices.AccountManagement.PrincipalOperationException was thrown by method Authorisation on service AuthorisationService: System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred. at System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase) at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() at RedGate.Response.Engine.Monitoring.Core.Services.ActiveDirectory.UserPrincipalExtensions.d__0.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at RedGate.Response.Engine.Monitoring.Core.Services.ActiveDirectory.ActiveDirectoryService.GetActiveDirectoryGroups(String userName) at RedGate.Response.Engine.Monitoring.Core.Services.ActiveDirectory.AuthorisationService.Authorisation(String userName)
Any assistance will be greatly appreciated
I have configured SQL Monitor (v 5.2.3.3831) to use AD Authentication successfully based on the documentation(http://documentation.red-gate.com/displ ... +Directory).
AD users are successfully added but cannot log on.
Below error is whats been returned every time a user tries to log on:
RpcNoResultException: System.DirectoryServices.AccountManagement.PrincipalOperationException was thrown by method Authorisation on service AuthorisationService: System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred. at System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase) at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() at RedGate.Response.Engine.Monitoring.Core.Services.ActiveDirectory.UserPrincipalExtensions.d__0.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at RedGate.Response.Engine.Monitoring.Core.Services.ActiveDirectory.ActiveDirectoryService.GetActiveDirectoryGroups(String userName) at RedGate.Response.Engine.Monitoring.Core.Services.ActiveDirectory.AuthorisationService.Authorisation(String userName)
Any assistance will be greatly appreciated
Comments
I've found this SO article which links to another SO article that says:
I believe this means that the user running the SQL Monitor Base Monitor service will need to be in the Windows Authorization Access group. This appears to have worked for another user getting the same error.
Please let us know if this works for you!
Kind regards,
Alex
Have you visited our Help Center?
Thanks for the assistance.
Unfortunately this doesn't work as the service account is already part of the Windows Authorization Access Groups on AD.
Are you using IIS or the XSP webserver to run the web UI? It may be that the IIS AppPool user needs to be in the Windows Authorization Access Groups as well - see this Stack Overflow article.
Kind regards,
Alex
Have you visited our Help Center?