Question: Failed to create security context for channel
Hi everyone,
I’m using SMP 7.1 SP2 on Windows 2008 R2. I’m sometimes getting disconnected from the SMP console and see the errors below in the Altiris log view. The domain appid account gets locked out. Domain policy is set for 5 minutes, so after that everything comes back to normal and works fine. But the account lockout keeps repeating. Why does this happen?
<event date="Nov 07 06:16:36 +00:00" severity="4" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="133" tickCount="1374681059"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter/Service-12-129967406865629574] Unable to retrieve the list of registered mmfs as the security context is not ready.]]></event>
<event date="Nov 07 06:16:38 +00:00" severity="1" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="280" tickCount="1374683384"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter-11-129967406804477467] <_lm_w3svc_1_root_altiris_activitycenter_11_129967406804477467_9ef05ba5551947f6b570773de504d669> Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "Domain\appidcelint". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1909 (The referenced account is currently locked out and may not be logged on to). ---> System.ComponentModel.Win32Exception: The referenced account is currently locked out and may not be logged on to
--- End of inner exception stack trace ---
at Altiris.NS.Utilities.Impersonate.CreateUserLogonToken(String domain, String user, String password, Int32 logonType, Int32 logonProvider, IntPtr& token1)
at Altiris.NS.Utilities.Impersonate.ImpersonateAsSvc()
at Altiris.NS.Server.GetSecurityContextForNSChannel()
at Altiris.GroupCommunications.Channel.CreateSecurityContextCallbackWrapper()
**CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=Unknown&language=en&module=BxUshTrphjeZZQWUdFx8ZNxP8F/hNYa1UDCJd1y8S7w=&error=931233821&build=**CEDUrlEnd**
]]></event>
<event date="Nov 07 06:16:38 +00:00" severity="4" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="280" tickCount="1374683399"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter-11-129967406804477467] Unable to retrieve the list of registered mmfs as the security context is not ready.]]></event>
<event date="Nov 07 06:16:39 +00:00" severity="1" hostName="NS SERVER" source="Altiris.NS.Server.GroupMessaging_Trace" module="w3wp.exe" process="w3wp" pid="8848" thread="280" tickCount="1374684055"><![CDATA[[w3wp.exe:/LM/W3SVC/1/ROOT/Altiris/ActivityCenter-11-129967406804477467] <_lm_w3svc_1_root_altiris_activitycenter_11_129967406804477467_9ef05ba5551947f6b570773de504d669> Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "Domain\appidcelint". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1909 (The referenced account is currently locked out and may not be logged on to). ---> System.ComponentModel.Win32Exception: The referenced account is currently locked out and may not be logged on to
--- End of inner exception stack trace ---
at Altiris.NS.Utilities.Impersonate.CreateUserLogonToken(String domain, String user, String password, Int32 logonType, Int32 logonProvider, IntPtr& token1)
at Altiris.NS.Utilities.Impersonate.ImpersonateAsSvc()
at Altiris.NS.Server.GetSecurityContextForNSChannel()
at Altiris.GroupCommunications.Channel.CreateSecurityContextCallbackWrapper()
**CEDUrlStart** :http://entced.symantec.com/entt?product=SMP&version=Unknown&language=en&module=BxUshTrphjeZZQWUdFx8ZNxP8F/hNYa1UDCJd1y8S7w=&error=931233821&build=**CEDUrlEnd**
]]></event>
Comments
Hi,
Did you change NS AppIdentity? Or is it the same account that was used during initial installation?
Regards,
Robert Steinle
Symantec Corporation
For Forum threads, please click "Mark as Solution" if answered.
Or have you used this account somewhere else in the console and put the wrong password in?
Authorised Symantec Consultant (ASC) with Endpoint Management Limited, an Authorised Symantec Delivery Provider based in the UK.
Hi Robert and Andy,
Thank you for the replies.
Yes, I did change the account after the installation. I did the initial install using the local admin account, but then created a domain account and added it to the local admin group on the NS server. I replaced the local admin account with the domain account in the console at the database setting and appid setting. Did I miss anything?
Asad
Please take a look at this article http://www.symantec.com/docs/TECH194254 and verify that you didn't miss anything.
Regards,
Robert Steinle
Symantec Corporation
Thank you Robert. I will try this out and update the forum after the weekend.
Hi Robert,
I followed the article and reset the password for the NS appid, rebooted the server, and now I don't see the errors again. The console works fine.
Thanks for the help.
Asad
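Added example (not part of the thread and not Symantec code): a triage script for log fragments shaped like the events quoted in the question. It separates bad-password failures (Win32 error 1326) from lockout failures (1909) and reports which calling identity was still presenting the old password. It assumes the input is a run of `<event>` elements with no root element; the account name and the 1326 entries in the sample are constructed.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample shaped like the events quoted in the question; the account
# name, times and the 1326 entries are placeholders, not data from the thread.
SAMPLE_LOG = r'''
<event date="Nov 07 06:10:01 +00:00" severity="1" process="w3wp" pid="8848"><![CDATA[Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "EXAMPLE\svc_ns". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1326 (bad password)]]></event>
<event date="Nov 07 06:10:03 +00:00" severity="1" process="w3wp" pid="8848"><![CDATA[Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "EXAMPLE\svc_ns". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1326 (bad password)]]></event>
<event date="Nov 07 06:10:05 +00:00" severity="4" process="w3wp" pid="8848"><![CDATA[Unable to retrieve the list of registered mmfs as the security context is not ready.]]></event>
<event date="Nov 07 06:10:07 +00:00" severity="1" process="w3wp" pid="8848"><![CDATA[Failed to create security context for channel: Altiris.NS.Utilities.ImpersonationException: Could not logon as user "EXAMPLE\svc_ns". Current user is "IIS APPPOOL\Classic .NET AppPool". Token=0, LastError=1909 (locked out)]]></event>
'''

# Win32 error codes that matter for this failure mode.
ERROR_LOGON_FAILURE = 1326       # wrong user name or password
ERROR_ACCOUNT_LOCKED_OUT = 1909  # the code shown in the thread's log

FAILED_LOGON = re.compile(
    r'Could not logon as user "(?P<target>[^"]+)"\. '
    r'Current user is "(?P<caller>[^"]+)"\..*?LastError=(?P<code>\d+)', re.S)

def impersonation_failures(log_text):
    """Return one dict per failed impersonation event, in log order."""
    root = ET.fromstring("<log>" + log_text + "</log>")  # fragment has no root
    found = []
    for ev in root.iter("event"):
        m = FAILED_LOGON.search(ev.text or "")
        if m:
            found.append({"date": ev.get("date"), "pid": ev.get("pid"),
                          "target": m["target"], "caller": m["caller"],
                          "code": int(m["code"])})
    return found

def summarize(log_text):
    """Count failures per (target account, Win32 error code)."""
    return Counter((f["target"], f["code"]) for f in impersonation_failures(log_text))

def stale_credential_callers(log_text):
    """Callers that presented a bad password while the account was not yet locked."""
    locked, callers = set(), set()
    for f in impersonation_failures(log_text):
        if f["code"] == ERROR_ACCOUNT_LOCKED_OUT:
            locked.add(f["target"])
        elif f["code"] == ERROR_LOGON_FAILURE and f["target"] not in locked:
            callers.add((f["target"], f["caller"], f["pid"]))
    return callers
```

A log that contains only 1909 entries, like the excerpt in the question, shows the lockout but not what caused it; the 1326 entries, if present, come earlier in the log or on another host that uses the same account.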