I am trying to configure User ID with Active Directory. But stuck with some errors, listed below :
1) Unable to retrieve the Userid IP mapping information from Active Directory (win 2003 Sp2).
2) After installing the User ID Agent and configuring... when i click the commit button in User-ID Agent the Agent is not responding and hanging. (In Win XP professional SP 3)
3) Everytime i press the commit i have to restart the device running User-ID Agent.
4) Even after all this ip and users are not able to fetch from AD it is showing an error "OpenEventLog failed for DC in Active Directory Server"
I am also attaching the screenshots of the error and topology
Can anyone please help me setup the User ID with Active directory or sight a reference for this?
Looking at the logs that you have provided this looks like an access rights issue. The user-id agent should be configured with a DC administrator level username and password, so that when the user-id agent communicates with the windows server then it tries to read the security logs of the server which is possible only with a administrator level account that you have configured on the agent. So please try to change the username and password settings on the user-id agent and provide with a DC admin level account and let us know if you still have any issues.
For your reference, here are some of the documents that can help you in this process.
I hope this helps.
The Account that is used on the agent should have the rights to read the security log events from the DC generated by your host when authenticating on the DC. It could be any account but with RIGHTS to read the security events logs. Also in the Services go to User ID agent and log on settings and check if you have the correct account there or not?
Syed R Hasnain
I am able to login into the AD using the same user account and view the Event Logs...
Please let me know if their is any way to test the user account...
If you've followed the documents provided by sdurga, and still have the same error message in the logs, I would suggest testing with a domain admin account, to see if you've done something wrong when setting the permissions for the account you're using.
I prefer to not have too many accounts with domain admin; I use the principal of least priviledge in our domain. Therefore, I created a single user called "panuser". I granted it permission in the domain controller GPO to read the DC event logs. I made it a local admin on the server hosting the User ID agent, AND, I set the User ID service to start using that same account. I did this for consistency as I have only one account to deal with if there is a problem. Second, it seemed like not everything worked properly until I did this.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!