IT Monkey:   Click Here to Help Me Build the Agenda for Upcoming Cireson Webinars!

Scoped Access Error

Michael_DuganMichael_Dugan Premier Partner IT Monkey ✭
Hello,

Recently, I noticed an error appear with cache builder trying to get through user roles and access. I received a generic error stating that something is null, and I cannot determine what is happening. Basically, cache builder connects just fine to the domain controller to check users there and as it's adding users to the Incident Resolvers security role, this error is thrown:

2017-05-22 14:55:43,736, ERROR [   5]:  Error:
System.ArgumentNullException: Value cannot be null.
Parameter name: key
   at System.Collections.Generic.Dictionary`2.FindEntry(TKey key)
   at System.Collections.Generic.Dictionary`2.ContainsKey(TKey key)
   at Cireson.CacheBuilder.Service.Util.RoleUserUtil.GetUsers(IReadOnlyDictionary`2 loginNameMap, IReadOnlyDictionary`2 groupNames, String userOrGroupName, UserRole userRole)
   at Cireson.CacheBuilder.Service.Util.RoleUserUtil.<>c__DisplayClass31_1.<BuildRoleUserMapAsync>b__4(String u)
   at System.Linq.Enumerable.<SelectManyIterator>d__16`2.MoveNext()
   at Cireson.CacheBuilder.Service.Util.RoleUserUtil.<BuildRoleUserMapAsync>d__31.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Cireson.CacheBuilder.Service.Util.RoleUserUtil.<Rebuild>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Cireson.CacheBuilder.Service.Commands.ScopedAccessCommand.<>c__DisplayClass14_0.<<Synchronize>b__0>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Cireson.ServiceManager.DAL.Database.<Retry>d__11.MoveNext()
2017-05-22 14:55:43,740, ERROR [   5]:  Unable to sync SCOPED ACCESS, the operation failed permanently. Please review the log for errors, correct them, then restart the cachebuilder service.

Can anyone provide any explanation around that error?

Much appreciated!

Answers

  • Michael_DuganMichael_Dugan Premier Partner IT Monkey ✭
    As a side note, we have truncated the CI$User, CI$DomainGroup, and LastModified tables in the ServiceManagement database -- but that did not resolve this error that we're getting.
  • merlenette_jonesmerlenette_jones Member Advanced IT Monkey ✭✭✭
    Hello Michael,

    Are you able to access the Portal still?

    Looks like the groups may not be in the CMDB, I would recommend checking those AD groups exist and if not sync your AD connector.

    When the cachebuilder service account tries to retrieve that group from active directory, it receives a null value. It's possible that the distinguished name for that group is out of sync with AD - so please check and see if that's the case here. If that's not the issue, then that probably indicates a permissions problem - here's what I would do: 1. Open powershell as the cachebuilder service account, on the machine where the cachebuilder is running
    2. Using the Get-ADGroup command (refer: https://technet.microsoft.com/en-us/library/ee617196.aspx) try to retrieve the group



  • Jeremy_WhalenJeremy_Whalen Customer IT Monkey ✭
    edited June 2018
    I am having the same issue as @Michael_Dugan Was there ever a solution?
     
  • Rod_MartenRod_Marten Customer IT Monkey ✭
    Jeremy,  I had similar errors.  My root cause is that there was an AD group in the SCSM CMDB that no longer existed in AD.  Deleting the group from the CMDB resolved the issue.
  • Jeremy_WhalenJeremy_Whalen Customer IT Monkey ✭
    Rod, ours was also AD related. We had several corrupted AD user accounts in our Analyst security group. We removed them and, after refreshing the AD connectors, we were back in business.
  • Narmin_HemnaniNarmin_Hemnani Customer IT Monkey ✭

    Please let us know the steps to get the corrupted AD users and how you removed them

Sign In or Register to comment.