Cachebuilder Errors when User Sync starts
Since the update to Cireson portal version 11.4 we receive warning entries in the cachebuilder log. The following errors occur, nearly all SCSM Security roles are affected, and it also occurs in different OUs:
Unable to locate user or group: domain\username in role: Administrators
For the same user, the following error occurs:
cn=username,ou=ias136-servicemanager,ou=ias,dc=domain,dc=int is a member of cn=scsm-inc-operator-global,ou=rbac,ou=scsm,ou=systemcenter,ou=applications,dc=domain,dc=int, but does not exist in the database.
The error also occurs in Application log in the event viewer. I truncated the lastModified, CIUser and CIDomainGroup tables and restarted the cachbeuilder. Unfortunately the same error occurs after the restart.
The AD connector throws no errors and the user exists in AD and also in the SCSM database.
Is this a bug in the current portal version? Because before we upgraded to 11.4 none of the errors occured.
Best Answer
-
Justin_Workman Cireson Support Super IT Monkey ✭✭✭✭✭
@Simon_Zeinhofer - I suspect this was a coincidence with the update. This error typically means you have a user or group in a role whose CI has a mismatched distinguishedName. If you look in the user CI for this object, does its distinguishedName match the distinguishedName in AD?
0
Answers
@Simon_Zeinhofer - I suspect this was a coincidence with the update. This error typically means you have a user or group in a role whose CI has a mismatched distinguishedName. If you look in the user CI for this object, does its distinguishedName match the distinguishedName in AD?
Hello Justin,
thanks for your response. I had a look at the database and the DN matches the DN from AD.
But when I tried to open one of these users ( I tested 3 of them) in the SCSM console, the extension tab with the DN and so on, is missing. When I open a user who is not mentioned in the Cachebuilder logs, the tab is there.
Might this be an issue with the AD User connector? To be honest I think about creating a new User Connector.
Creating a new conenctor, Watermark reset etc. did not help unfortunately.
I copied all lines from the cachebuilder log today, so I could filter for all lines, where a user was not found inside the standard End user group.
With the help of an orchestrator runbook I deleted all of these CIs, resetted the watermark of the user and group connectors, truncated the LastModified, CI$User and CI$DomainGroup table.
After a connector run, all users got synced correctly and the error messages disappeared.
Thank you @Justin_Workman for the hint :)