Problem with Cache Builder Service. Group not found: cn=Support
Gabriel_Armenta
Member IT Monkey ✭
Hi experts Monkeys... I have a Problem with Cache Builder Service, the event viewer show "Group not found: cn=Support" my SSP is a Second SCSM Management Server... can you tell me if I need TCP port comunication to Active Directory or how to test the comunication between SSP (Cache Builder) and the Active Directory Service... In Advance Thanks
Gabriel Armenta
Best Answers
-
Katie_Dyer
Member Advanced IT Monkey ✭✭✭
Hi Gabriel,The most common issue I’ve seen when customers receive this error is the distinguished name for that group is out of sync with AD. Can you please confirm this matches on the user CI in SCSM and in AD?
If that is not the issue, then please follow the steps below:
1. Open powershell as the cachebuilder service account, on the machine where the cachebuilder is running
2. Using the Get-ADGroup command (refer: https://technet.microsoft.com/en-us/library/ee617196.aspx) try to retrieve the group
Are you able to retrieve the group? Is the cache builder service account on the same domain as the group?
Thanks!
Katie
5 -
Katie_Dyer
Member Advanced IT Monkey ✭✭✭
Does the DistinguidedName listed in the screenshot above match what was listed in the event log where you were seeing the group not found message?
Thanks!5 -
merlenette_jones
Member Advanced IT Monkey ✭✭✭
Sounds like you may have a corrupted AD connector.
I would suggest
Disabling the current AD connector
Create a new one
Sync the new connector
Recycle the cachebuilder service
Are you still receiving the same error?5
Answers
The most common issue I’ve seen when customers receive this error is the distinguished name for that group is out of sync with AD. Can you please confirm this matches on the user CI in SCSM and in AD?
If that is not the issue, then please follow the steps below:
1. Open powershell as the cachebuilder service account, on the machine where the cachebuilder is running
2. Using the Get-ADGroup command (refer: https://technet.microsoft.com/en-us/library/ee617196.aspx) try to retrieve the group
Are you able to retrieve the group? Is the cache builder service account on the same domain as the group?
Thanks!
Katie
Send you a Image with Powershell results..
Thanks!
What more can I check??
I would suggest
Disabling the current AD connector
Create a new one
Sync the new connector
Recycle the cachebuilder service
Are you still receiving the same error?
To do a FULL AD connector synchronization you need to reset the watermark on the AD connector. Steps below:
-- Execute the following SQL Query to find the DataSourceID number for the AD Connector that is used to bring the users into SM
Use ServiceManager
Select * from LFX.datasource
-- Update the line below replacing # with the corresponding AD connector DataSourceID from above to reset the AD Watermark
-- for that connector. The Next AD Synchornization performed will be a FULL synchronization. Will take a lot longer to run
exec [LFX].[ResetWatermarkForDataSource] #,'erroroutput'
From the Service Manager Console select the AD Connector and then click "Synchronize Now".
I have a 2 connectors... One to Users and the other to Groups.... This is the results of select consult:
Users DataSourceID number:
346c96a8-e5ee-48d4-b707-5f6439475610
Groups DataSourceID number:
1395390b-e433-4bf0-86d3-42ff5deaa234
where copy the DatasourceID???
You say in watermark... in the options of the connector the warter mark can´t edit... I need to edit by powershell??
Add Image of Connector Propieties
Update to
Users
exec [LFX].[ResetWatermarkForDataSource] 346c96a8-e5ee-48d4-b707-5f6439475610,'erroroutput'
Groups
exec [LFX].[ResetWatermarkForDataSource] 1395390b-e433-4bf0-86d3-42ff5deaa234,'erroroutput'
Again Thanks All