During ChangeAuditor Agent installation the following message may be experienced while running the installer:
"Cannot create group account (domain_name). Please check if domain Controller is available and retry."
and/or
"Cannot add user (domain\user_name) to group (ChangeAuditor Agents - INSTALL_NAME). Please check if domain controller is available and retry."
The installer allows the user to 'Ignore' the warning and complete the installation.
Checking to see if Domain Controllers are available may expose no obvious issues. LDAP and GC ports may be available and network communication appears to be fine between the Workgroup machine and the forest.
Once the ChangeAuditor Agent is running the following warnings are reported in the ChangeAuditor.dll.nptlog and the Agent is never able to negotiate a connection with the Coordinator(s):
1. "DsGetDcName failed (domain_name): The specified domain either does not exist or could not be contacted.(0x0000054b)"
2. "WCF Failure: errorCode=0x803d000a"
3. "There was an error communicating with the endpoint at 'net.tcp://Server1.domain_name.com:61263/Agent/v1'."
4 "The NegotiateStream framing upgrade failed."
5. "Security verification was not successful for the received data."
6. "NegotiateStream authentication failed."
7. "No authority could be contacted for authentication."
8. "Unable to create security context for SPN 'host/server1.domain_name.com'."
9. "Security verification was not successful for the received data."
10. "No authority could be contacted for authentication."
The ChangeAuditor 6.x Agent will not install correctly or connect to the Coordinator when running on a Workgroup machine which is located behind firewall where the following netbios ports are blocked inbound to the Domain Controllers.
1. Uninstall the ChangeAuditor Agent.
2. Ensure the following ports are open inbound to the Domain Controllers prior to installation attempt:
3. Re-install the agent.
IMPORTANT NOTE: The Change Auditor agent must be installed (or re-installed) after the steps above are carried out. If there are any issues with specifying the credentials during the Agent installation and the 'ignore' option is used the Agent will never authenticate properly to the forest or the Coordinator. Credential validation must occur properly during the Agent installer.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center