Symantec Management Platform (Notification Server)

 View Only

  • 1.  ITMS 7.1 Software Portal Error: Failed to get membership in domain tree

    Posted Apr 10, 2011 12:56 PM

     

     

    Hi All,
     
    I'm having a problem with ITMS 7.1 and the software portal. I can't get the Software Admin page to load on the server, and I can get the user page to load from a client. I keep getting an error "Failed to get membership in domain tree".
     
    The server is in our resource domain, while the users are in our security objects/user domain - they are both part of the same forest. The application identity is in the resource domain
     
    All the other solutions load just fine, and I've imported all the user accounts from our user domain, so I know it's not a communication issue. I am using my user domain account to access the console and all other pages work just fine, and I can also enumerate all the users across the domains on the computer itself.
     
    Other things to note, we are using a preferred NS host name that is different from the FQDN and we are using SSL. I have updated the LSA registry entry to allow the loopback using the friendly name.
     
    I'm going to open a tech case, just wondering if anyone has seen this before?
     
    Thanks,
    Rob
     
     
     
    Log File Name: D:\SMPLogs\a3.log
    Priority: 1
    Date: 4/9/2011 9:24:47 PM
    Tick Count: 77707764
    Host Name: HPVRESALT01
    Process: w3wp (5232)
    Thread ID: 1418
    Module: w3wp.exe
    Source: Altiris.SoftwarePortal.Resources.SoftwarePublishingUtil.GetDomainTreeMembership
    Description: Failed to get membership in domain tree
    **CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=7.1.6797.0&language=en&module=CdMCH7zuq7YXd7T9bJ8iPoVb+rbB2F9L0IFvjsP56vWTjX3VzJtCOzperOT8pRSa&error=-552778274&build=**CEDUrlEnd**
     
    ( Exception Details: System.Threading.ThreadAbortException: Thread was being aborted.
       at Altiris.SoftwarePortal.Resources.SoftwarePublishingUtil.GetDomainTreeMembership(Domain domain, DirectoryEntry userDirectory, Dictionary`2& membership, Dictionary`2& analyzedInDomain, List`1& knownDomainRelations) )
    ( Exception logged from:
       at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
      at Altiris.NS.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
      at Altiris.SoftwarePortal.Resources.SoftwarePublishingUtil.GetDomainTreeMembership(Domain domain, DirectoryEntry userDirectory, Dictionary`2& membership, Dictionary`2& analyzedInDomain, List`1& knownDomainRelations)
       at Altiris.SoftwarePortal.Resources.SoftwarePublishingUtil.GetDomainTreeMembership(String domainName, String userName, Dictionary`2& membership)
       at Altiris.SoftwarePortal.Resources.SoftwarePublishingUtil.GetRemoteUserMembership(String remoteUser)
       at Altiris.SoftwarePortal.Web.ContextUtil.get_UserMembership()
       at Altiris.SoftwarePortal.Web.ContextUtil.CreateContext(UserType userType)
       at Altiris.SoftwarePortal.Web.ContextUtil.Context(UserType userType)
       at Altiris.SoftwarePortal.Web.AdminPortal.ViewSoftwareRequest.Page_Load(Object sender, EventArgs e)
       at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
       at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
       at System.Web.UI.Control.OnLoad(EventArgs e)
       at System.Web.UI.Control.LoadRecursive()
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
       at System.Web.UI.Page.ProcessRequest()
       at System.Web.UI.Page.ProcessRequest(HttpContext context)
       at ASP.adminportal_viewsoftwarerequest_aspx.ProcessRequest(HttpContext context)
       at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
       at System.Web.HttpApplication.ApplicationStepManager.ResumeSteps(Exception error)
      at System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
       at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
       at System.Web.HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
       at System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
    )
    ( Extra Details:  Type=System.Threading.ThreadAbortException Src=Altiris.SoftwarePortal )
     
     
     
    Log File Name: D:\SMPLogs\a3.log
    Priority: 1
    Date: 4/9/2011 9:24:47 PM
    Tick Count: 77707779
    Host Name: HPVRESALT01
    Process: w3wp (5232)
    Thread ID: 1418
    Module: w3wp.exe
    Source: Altiris.SoftwarePortal.Web.Global.Application_Error
    Description: Error occured while processing software portal pages.
    **CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=7.1.6797.0&language=en&module=BED4YbVj2VVWOQ6qhsktBUZ9iV82BCaqyG08KOqEacs=&error=1939201232&build=**CEDUrlEnd**
     
    ( Exception Details: System.Web.HttpException: Request timed out. )
    ( Exception logged from:
       at Altiris.Diagnostics.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
       at Altiris.NS.Logging.EventLog.ReportException(Int32 severity, String strMessage, String category, Exception exception)
       at Altiris.SoftwarePortal.Web.Global.Application_Error(Object sender, EventArgs e)
       at System.EventHandler.Invoke(Object sender, EventArgs e)
       at System.Web.HttpApplication.RaiseOnError()
       at System.Web.HttpApplication.ApplicationStepManager.ResumeSteps(Exception error)
       at System.Web.HttpApplication.System.Web.IHttpAsyncHandler.BeginProcessRequest(HttpContext context, AsyncCallback cb, Object extraData)
       at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
       at System.Web.HttpRuntime.ProcessRequestNoDemand(HttpWorkerRequest wr)
       at System.Web.Hosting.ISAPIRuntime.ProcessRequest(IntPtr ecb, Int32 iWRType)
    )
    ( Extra Details:  Type=System.Web.HttpException Src= )


  • 2.  RE: ITMS 7.1 Software Portal Error: Failed to get membership in domain tree

    Posted Apr 13, 2011 09:02 PM

    Looking through the logs, it appears the server is trying to recurse all the domains trusted by the domain the server is it. We have LOTS of trusts set up, so this is certainly not optimal. I would really like to limit this search to just one or 2 domains!

    Anyone have any ideas?

     

    rob



  • 3.  RE: ITMS 7.1 Software Portal Error: Failed to get membership in domain tree

    Posted Apr 20, 2011 09:07 AM

    Hi Rob,

    Any update on this? I'm having the same issue here. The console shows bunch of errors saying "Failed to get membership in domain tree". The problem originates from 'GetDomainTreeMembership' method ... Most probably it has something to do with the application identity account privileges across domain tree, but not knowing how the mentioned method is made, it may be a bit difficult looking for the cause.

    Anyone has any idea? 



  • 4.  RE: ITMS 7.1 Software Portal Error: Failed to get membership in domain tree

    Posted Apr 21, 2011 06:23 AM

    When one tries to open any of the Software Portal pages, whether it is a user, manager or admin portal, a check is performed to find groups the user belongs to (well, at least that's what I was able to find out). The check is performed across all the domains within the forest. 

    The method responsible for it is GetRemoteUserMembership, it uses GetGetDomainTreeMembership method that throws the exception as in Rob's post.

    looks like Software Portal is designed only for single domain environments. Everything is OK if there are only few domains in the forest. In companies with more than one trees, with multiple domains, the GetRemoteUserMembership method's execution takes ... well in one of the environment I did a test it took 23 minutes.



  • 5.  RE: ITMS 7.1 Software Portal Error: Failed to get membership in domain tree

    Posted May 30, 2011 09:12 AM

    We have same issue with NS 7.1 We are running NS 7.0 as well an it works just fine. I can't import user diteils from Active Directory either. It only manage to import distinguished names, so maybe there is some connection. Does AD import works for you?



  • 6.  RE: ITMS 7.1 Software Portal Error: Failed to get membership in domain tree

    Posted Oct 13, 2011 06:58 AM

    Facing the same problems with 7.1s Software Portal, running multiple user domains/forests crossauthenticating to different forest which servers reside in.