Symantec Management Platform (Notification Server)

 View Only

  • 1.  Question:Failed to create security context for channel

    Posted Nov 07, 2012 02:16 AM

    Hi everyone,

    I’m using SMP 7.1 SP2 on windows 2008 R2. I’m getting disconnected from the SMP console sometimes and see the below errors in the Altiris log view. The domain appid account gets locked out. Domain policy is set for 5 minutes so after that everything comes back to normal and works fine. But this keeps on repeating for account lockout. Why is this behavior?

     

    <event date="Nov 07 06:16:36 +00:00" severity="4" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="133" tickCount="1374681059"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter/Service-12-129967406865629574] Unable to retrieve the list of registered mmfs as the security context is not ready.]]></event>

    <event date="Nov 07 06:16:38 +00:00" severity="1" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="280" tickCount="1374683384"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter-11-129967406804477467] <_lm_w3svc_1_root_altiris_activitycenter_11_129967406804477467_9ef05ba5551947f6b570773de504d669> Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "Domain\appidcelint". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1909 (The referenced account is currently locked out and may not be logged on to). ---> System.ComponentModel.Win32Exception: The referenced account is currently locked out and may not be logged on to

       --- End of inner exception stack trace ---

       at Altiris.NS.Utilities.Impersonate.CreateUserLogonToken(String domain, String user, String password, Int32 logonType, Int32 logonProvider, IntPtr& token1)

       at Altiris.NS.Utilities.Impersonate.ImpersonateAsSvc()

       at Altiris.NS.Server.GetSecurityContextForNSChannel()

       at Altiris.GroupCommunications.Channel.CreateSecurityContextCallbackWrapper()

    **CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=Unknown&language=en&module=BxUshTrphjeZZQWUdFx8ZNxP8F/hNYa1UDCJd1y8S7w=&error=931233821&build=**CEDUrlEnd**

    ]]></event>

    <event date="Nov 07 06:16:38 +00:00" severity="4" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="280" tickCount="1374683399"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter-11-129967406804477467] Unable to retrieve the list of registered mmfs as the security context is not ready.]]></event>

    <event date="Nov 07 06:16:39 +00:00" severity="1" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="280" tickCount="1374684055"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter-11-129967406804477467] <_lm_w3svc_1_root_altiris_activitycenter_11_129967406804477467_9ef05ba5551947f6b570773de504d669> Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "Domain\appidcelint". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1909 (The referenced account is currently locked out and may not be logged on to). ---> System.ComponentModel.Win32Exception: The referenced account is currently locked out and may not be logged on to

       --- End of inner exception stack trace ---

       at Altiris.NS.Utilities.Impersonate.CreateUserLogonToken(String domain, String user, String password, Int32 logonType, Int32 logonProvider, IntPtr& token1)

       at Altiris.NS.Utilities.Impersonate.ImpersonateAsSvc()

       at Altiris.NS.Server.GetSecurityContextForNSChannel()

       at Altiris.GroupCommunications.Channel.CreateSecurityContextCallbackWrapper()

    **CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=Unknown&language=en&module=BxUshTrphjeZZQWUdFx8ZNxP8F/hNYa1UDCJd1y8S7w=&error=931233821&build=**CEDUrlEnd**

    ]]></event>



  • 2.  RE: Question:Failed to create security context for channel

    Posted Nov 07, 2012 09:19 AM

    Hi,

     

    Did you change NS AppIdentity? Or is it the same account that was used during initial installation?



  • 3.  RE: Question:Failed to create security context for channel

    Posted Nov 07, 2012 09:32 AM

    Or have you used this account somewhere else in the console and put the wrong password in?



  • 4.  RE: Question:Failed to create security context for channel

    Posted Nov 08, 2012 01:41 AM

    Hi Rober and andy,

    thank you for the replies

    Yes, i did change the account after the insallation. I did the initial install using the local admin account. but then created a domain account and added it to the local admin group on the NS server. I replaced the local admin account to the domain account in the console at the database setting and appid setting. did i miss any thing ?

     

    Asad



  • 5.  RE: Question:Failed to create security context for channel
    Best Answer

    Posted Nov 08, 2012 01:51 AM

    Please take a look at this article http://www.symantec.com/docs/TECH194254  and verify that you didn't miss anything.



  • 6.  RE: Question:Failed to create security context for channel

    Posted Nov 09, 2012 01:05 PM

    Thank you Robert. I will try this out and update the forum after the weekend.



  • 7.  RE: Question:Failed to create security context for channel

    Posted Nov 18, 2012 07:41 AM

    Hi Robert,

    i followed the article and reset the password for NS appid . rebooted the server and now i don't see the errors again. the console works fine.

     

    thanks for the help.

    Asad