This post is more than 5 years old
31 Posts
0
185667
March 24th, 2014 01:00
vWorkspace password manager can't start
Hi All,
We're having problems getting vWorkspace password manager to work. It is installed on our connection broker server.
We are running vWorkspace 8.0 MR1 with the latest patches (that I know of).
Here is the password manager log (the relevant part, anyway):
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48392 - TrustedForestsLocal::getTrustedForestObjects: RootDomainNamingContext is " "
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48392 - TrustedForestsLocal::getTrustedForestObjects: System Container is "LDAP://CN=System, "
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48392 - TrustedForestsLocal::getTrustedForestObjects: ERROR: ADsGetObject(strmForestSystemContainer, IID_IDirectorySearch) failed, hr = 0x8007200a
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48392 - TrustedForestsLocal::populateTrustedForests: Caught exception: err=-2147016694, msg = Failed to get trusted forest objects
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48392 - TrustedForestsLocal::threadFunc: Leaving
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48620 - TrustedForests::waitForThreadToExit: thread has exited
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48620 - TrustedForestsMgr::waitForAllTFOThreadsToExit: All trusted forest threads have exited
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48620 - TrustedForestsMgr::dumpAllData: Entering...
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48620 - TrustedForestsMgr::dumpAllData: Dumping local wheel trusted forest data
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48620 - TrustedForestsMgr::dumpAllData: 0 --------------------------------------------------------------------------------------------------------------
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48620 - TrustedForests::dumpData: dumping 0 TFOs
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48620 - TrustedForestsMgr::dumpAllData: Dumping 0 multi-tenancy trusted forest wheels
03/24/14 18:12:37 - 48160 - 24-Mar-2014 18:12:37 - 48160 : 48620 - TrustedForestsMgr::dumpAllData: --------------------------------------------------------------------------------------------------------------
03/24/14 18:12:37 - 48160 - Https started.
Any ideas?
Thanks,
Nick.
nicholas.fletch
31 Posts
1
March 26th, 2014 23:00
This is fixed.
The problem was the domain settings. Our full domain is Corp.Local.
In the User Domains part of the Web Access Site Properties, we had only Corp.Local, so in the Password Management part Corp.Local was our only option when adding a password server. This isn't correct. I added "Corp" to the User Domains section, and changed password management server to use the "Corp" domain, and it all works now.
Note, i'm still getting this error in the logs when the password management service starts:
03/27/14 16:32:57 - 10136 - 27-Mar-2014 16:32:57 - 10136 : 9180 - TrustedForestsLocal::getTrustedForestObjects: ERROR: ADsGetObject(strmForestSystemContainer, IID_IDirectorySearch) failed, hr = 0x8007200a
03/27/14 16:32:57 - 10136 - 27-Mar-2014 16:32:57 - 10136 : 9180 - TrustedForestsLocal::populateTrustedForests: Caught exception: err=-2147016694, msg = Failed to get trusted forest objects
But it doesn't seem to affect the ability of the service to change passwords - everything appears to work.
Thanks,
Nick.
nicholas.fletch
31 Posts
0
March 26th, 2014 23:00
OK, it's fixed.
The problem was the domain.
Our full domain is corp.local.
In the User Domains part of the web access site properties, we had Corp.Local. Therefore when adding the password management settings, our only domain option was corp.local, which isn't correct.
So i added "corp" to the user domains section, then was able to choose "Corp" as the domain in the password management settings, and it all worked.
Note, we're still getting:
10136 : 9180 - TrustedForestsLocal::getTrustedForestObjects: ERROR: ADsGetObject(strmForestSystemContainer, IID_IDirectorySearch) failed, hr = 0x8007200a
10136 : 9180 - TrustedForestsLocal::populateTrustedForests: Caught exception: err=-2147016694, msg = Failed to get trusted forest objects
in the logs, but it doesn't appear to affect the ability to change user's passwords.
Thanks.
DELL-Sam H
57 Posts
0
March 26th, 2014 06:00
Hi Nick,
Does the Password service actually start succesfully? If so do you get an error message when trying to change the password?
How many domains do you have in your environment? Are they trusted or untrusted (managed)? Does the server that runs the Password manager service (and broker) have access to run LDAP queries against all domains in your forest?
This article may help:
https://support.software.dell.com/vworkspace/kb/92435
Thanks,Sam
nicholas.fletch
31 Posts
0
March 26th, 2014 19:00
Hi Sam,
Thanks for the reply!
To answer your questions:
1) Yes, the password manager starts successfully (in that it's running), but as you can see from the logs it doesn't seem happy about it.
2) Yes I get an error, but more on this later
3) We only have 1 domain that we want to reset passwords on (CORP). We have at least one other domain (that I know of..). The password manager box / CB is a member of this CORP domain, and has access to perform LDAP queries against the CORP DCs.
I read that article, and while it doesn't exactly explain our issue, I tried giving the CB computer object full (except for delete) access to the System OU in the CORP domain. This got us a bit further - I'm now getting a different error in the logs:
...
03/27/14 11:16:58 - 1976 - 27-Mar-2014 11:16:58 - 1976 : 8184 - TrustedForestsLocal::getPartitions: Column name is "nETBIOSName"
03/27/14 11:16:58 - 1976 - 27-Mar-2014 11:16:58 - 1976 : 8184 - TrustedForests::getPartitions: attr name: "nETBIOSName"
03/27/14 11:16:58 - 1976 - 27-Mar-2014 11:16:58 - 1976 : 8184 - TrustedForests::getPartitions: attr type: 3
03/27/14 11:16:58 - 1976 - 27-Mar-2014 11:16:58 - 1976 : 8184 - TrustedForests::getPartitions: num vals: 1
03/27/14 11:16:58 - 1976 - 27-Mar-2014 11:16:58 - 1976 : 8184 - TrustedForests::getPartitions: value "CORP"
03/27/14 11:17:49 - 6332 - 27-Mar-2014 11:17:49 - 6332 : 7028 - TrustedForestsLocal::getTrustedForestUpnSuffixes: ERROR: DsGetDcNameW failed, dwres = 0x0000054b
03/27/14 11:17:49 - 6332 - 27-Mar-2014 11:17:49 - 6332 : 7028 - TrustedForestsLocal::getTrustedForestUpnSuffixes: Caught exception: err=1355, msg = Failed to get UPN suffixes for trusted forest
03/27/14 11:17:49 - 6332 - 27-Mar-2014 11:17:49 - 6332 : 7028 - TrustedForestsLocal::getPartitions: ConfigurationNamingContext is ""
03/27/14 11:17:49 - 6332 - 27-Mar-2014 11:17:49 - 6332 : 7028 - TrustedForestsLocal::getPartitions: Configuration path is "LDAP://"
03/27/14 11:17:49 - 6332 - 27-Mar-2014 11:17:49 - 6332 : 7028 - TrustedForestsLocal::getPartitions: ERROR: ADsGetObject(strmConfigurationContainerPath, IID_IDirectorySearch) failed, hr = 0x80005000
03/27/14 11:17:49 - 6332 - 27-Mar-2014 11:17:49 - 6332 : 7028 - TrustedForestsLocal::getPartitions: Caught exception: err=-2147463168, msg = Failed to get Active Directory partitions
03/27/14 11:17:49 - 6332 - 27-Mar-2014 11:17:49 - 6332 : 7028 - TrustedForestsLocal::populateTrustedForests: Successfully retrieved trusted forest objects from Active Directory
...
When I try and change my password on the website, i get this error:
Connection failed (12175).
Nothing is written to the password manager logs when this happens, though. I saw THIS article, and my certificate on the password manager console didn't have a friendly name at all. I added it in, restarted the password manager service, but i still get the same above errors.
Any ideas?
Thanks,
Nick.