
Question: Failed to create security context for channel

Created: 07 Nov 2012 • Updated: 18 Nov 2012 | 6 comments
This issue has been solved. See solution.

Hi everyone,

I’m using SMP 7.1 SP2 on Windows 2008 R2. I’m getting disconnected from the SMP console sometimes and see the errors below in the Altiris log view. The domain appid account gets locked out. Domain policy is set for 5 minutes, so after that everything comes back to normal and works fine. But the account lockout keeps repeating. Why does this happen?

 

<event date="Nov 07 06:16:36 +00:00" severity="4" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="133" tickCount="1374681059"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter/Service-12-129967406865629574] Unable to retrieve the list of registered mmfs as the security context is not ready.]]></event>

<event date="Nov 07 06:16:38 +00:00" severity="1" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="280" tickCount="1374683384"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter-11-129967406804477467] <_lm_w3svc_1_root_altiris_activitycenter_11_129967406804477467_9ef05ba5551947f6b570773de504d669> Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "Domain\appidcelint". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1909 (The referenced account is currently locked out and may not be logged on to). ---> System.ComponentModel.Win32Exception: The referenced account is currently locked out and may not be logged on to

   --- End of inner exception stack trace ---

   at Altiris.NS.Utilities.Impersonate.CreateUserLogonToken(String domain, String user, String password, Int32 logonType, Int32 logonProvider, IntPtr& token1)

   at Altiris.NS.Utilities.Impersonate.ImpersonateAsSvc()

   at Altiris.NS.Server.GetSecurityContextForNSChannel()

   at Altiris.GroupCommunications.Channel.CreateSecurityContextCallbackWrapper()

**CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=Unknown&language=en&module=BxUshTrphjeZZQWUdFx8ZNxP8F/hNYa1UDCJd1y8S7w=&error=931233821&build=**CEDUrlEnd**

]]></event>

<event date="Nov 07 06:16:38 +00:00" severity="4" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="280" tickCount="1374683399"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter-11-129967406804477467] Unable to retrieve the list of registered mmfs as the security context is not ready.]]></event>

<event date="Nov 07 06:16:39 +00:00" severity="1" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="280" tickCount="1374684055"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter-11-129967406804477467] <_lm_w3svc_1_root_altiris_activitycenter_11_129967406804477467_9ef05ba5551947f6b570773de504d669> Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "Domain\appidcelint". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1909 (The referenced account is currently locked out and may not be logged on to). ---> System.ComponentModel.Win32Exception: The referenced account is currently locked out and may not be logged on to

   --- End of inner exception stack trace ---

   at Altiris.NS.Utilities.Impersonate.CreateUserLogonToken(String domain, String user, String password, Int32 logonType, Int32 logonProvider, IntPtr& token1)

   at Altiris.NS.Utilities.Impersonate.ImpersonateAsSvc()

   at Altiris.NS.Server.GetSecurityContextForNSChannel()

   at Altiris.GroupCommunications.Channel.CreateSecurityContextCallbackWrapper()

**CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=Unknown&language=en&module=BxUshTrphjeZZQWUdFx8ZNxP8F/hNYa1UDCJd1y8S7w=&error=931233821&build=**CEDUrlEnd**

]]></event>


Robert Steinle

Hi,

 

Did you change NS AppIdentity? Or is it the same account that was used during initial installation?

Regards,

Robert Steinle

Symantec Corporation

 

For Forum threads, please click "Mark as Solution" if answered.

andykn101

Or have you used this account somewhere else in the console and put the wrong password in?

Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.

Connect Etiquette: Please "Mark as Solution" posts that fix your problem.

Qatar525

Hi Robert and Andy,

Thank you for the replies.

Yes, I did change the account after the installation. I did the initial install using the local admin account, but then created a domain account and added it to the local admin group on the NS server. I replaced the local admin account with the domain account in the console at the database setting and appid setting. Did I miss anything?

 

Asad

Robert Steinle

Please take a look at this article http://www.symantec.com/docs/TECH194254 and verify that you didn't miss anything.

Regards,

Robert Steinle

Symantec Corporation

 

For Forum threads, please click "Mark as Solution" if answered.

SOLUTION
Qatar525

Thank you Robert. I will try this out and update the forum after the weekend.

Qatar525

Hi Robert,

I followed the article and reset the password for the NS appid, rebooted the server, and now I don't see the errors again. The console works fine.

 

Thanks for the help.

Asad
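
As an added example (not part of the thread and not Symantec tooling), the following Python script triages log events like the ones quoted in the question: it extracts each impersonation failure and groups them by account, calling identity and Win32 `LastError`, so a lockout loop on the application identity stands out from the surrounding trace messages. The sample log is constructed from the quoted events, and the `<events>` wrapper element and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Win32 logon error codes that matter when a stored service credential fails.
LOGON_ERRORS = {
    1326: "bad user name or password: the stored credential is probably stale",
    1330: "password expired",
    1331: "account disabled",
    1909: "account locked out: repeated bad-password attempts tripped the policy",
}

FAILURE = re.compile(
    r'Could not logon as user "(?P<account>[^"]+)"\. '
    r'Current user is "(?P<caller>[^"]+)"\. '
    r"Token=\d+, LastError=(?P<code>\d+)"
)

# Constructed sample: trimmed copies of the events quoted in the question,
# wrapped in a hypothetical <events> root so the fragment parses as XML.
SAMPLE_LOG = r"""<events>
<event date="Nov 07 06:16:36 +00:00" severity="4" process="w3wp"><![CDATA[Unable to retrieve the list of registered mmfs as the security context is not ready.]]></event>
<event date="Nov 07 06:16:38 +00:00" severity="1" process="w3wp"><![CDATA[Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "Domain\appidcelint". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1909 (The referenced account is currently locked out and may not be logged on to).]]></event>
<event date="Nov 07 06:16:39 +00:00" severity="1" process="w3wp"><![CDATA[Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "Domain\appidcelint". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1909 (The referenced account is currently locked out and may not be logged on to).]]></event>
</events>"""

def summarize_logon_failures(log_xml):
    """Group impersonation failures by (account, calling identity, LastError)."""
    summary = {}
    for event in ET.fromstring(log_xml).iter("event"):
        match = FAILURE.search(event.text or "")
        if match is None:
            continue  # trace noise such as "security context is not ready"
        key = (match["account"], match["caller"], int(match["code"]))
        entry = summary.setdefault(key, {"count": 0, "first": event.get("date")})
        entry["count"] += 1
        entry["last"] = event.get("date")
    return summary

def report(summary):
    """One line per failing credential, with the meaning of its error code."""
    return [
        f"{account} (called from {caller}): {e['count']} failure(s), "
        f"{e['first']} to {e['last']}, LastError={code}: "
        f"{LOGON_ERRORS.get(code, 'unmapped code')}"
        for (account, caller, code), e in summary.items()
    ]

if __name__ == "__main__":
    print("\n".join(report(summarize_logon_failures(SAMPLE_LOG))))
```

A steady stream of 1909 results for one account from the same calling identity matches the situation in this thread, where resetting the stored application identity password stopped the errors.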