Authenticating with Active Directory

Nash9991Nash9991 Posts: 3
edited July 5, 2016 10:15AM in SQL Monitor Previous Versions
Hi,

I have configured SQL Monitor (v 5.2.3.3831) to use AD Authentication successfully based on the documentation(http://documentation.red-gate.com/displ ... +Directory).
AD users are successfully added but cannot log on.

Below error is whats been returned every time a user tries to log on:

RpcNoResultException: System.DirectoryServices.AccountManagement.PrincipalOperationException was thrown by method Authorisation on service AuthorisationService: System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred. at System.DirectoryServices.AccountManagement.AuthZSet..ctor(Byte[] userSid, NetCred credentials, ContextOptions contextOptions, String flatUserAuthority, StoreCtx userStoreCtx, Object userCtxBase) at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() at RedGate.Response.Engine.Monitoring.Core.Services.ActiveDirectory.UserPrincipalExtensions.d__0.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at System.Linq.Buffer`1..ctor(IEnumerable`1 source) at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source) at RedGate.Response.Engine.Monitoring.Core.Services.ActiveDirectory.ActiveDirectoryService.GetActiveDirectoryGroups(String userName) at RedGate.Response.Engine.Monitoring.Core.Services.ActiveDirectory.AuthorisationService.Authorisation(String userName)


Any assistance will be greatly appreciated

Comments

  • Alex BAlex B Posts: 1,158 Diamond 4
    Hi Nash9991,

    I've found this SO article which links to another SO article that says:
    I assume GetAuthorizationGroups() calls in to tokenGroups in AD. To read that, your service account (or IIS machine account if Network Service) needs to be in the Windows Authorization Access group in AD.

    I believe this means that the user running the SQL Monitor Base Monitor service will need to be in the Windows Authorization Access group. This appears to have worked for another user getting the same error.

    Please let us know if this works for you!

    Kind regards,
    Alex
    Product Support Engineer | Redgate Software

    Have you visited our Help Center?
  • Hi Alex,

    Thanks for the assistance.

    Unfortunately this doesn't work as the service account is already part of the Windows Authorization Access Groups on AD.
  • Alex BAlex B Posts: 1,158 Diamond 4
    Hi Nash9991,

    Are you using IIS or the XSP webserver to run the web UI? It may be that the IIS AppPool user needs to be in the Windows Authorization Access Groups as well - see this Stack Overflow article.

    Kind regards,
    Alex
    Product Support Engineer | Redgate Software

    Have you visited our Help Center?
Sign In or Register to comment.