ArcGIS Server 10.2.1 could not load domain user/roles

ZdeněkJankovský · ‎04-08-2014

Hi,

I get this error after upgrade 10.1 SP1 to 10.2.1. Server was set to use Windows Domain Users and Roles.
After upgrade, going to Manager > Security > Users, after some while I get:

An error occurred while searching for users: Could not connect to the identity store as one or more of the connection parameters is incorrect. Verify that you can connect to the identity store outside of ArcGIS Server using the same parameters. <domain IP address>:3268

No users or groups are listed.
I am not able to get of rid this message with new setting of Domain authentication or anything else.

Have someone solved this issue?

Thank you,
Zdenek J.

ZdeněkJankovský · ‎04-09-2014

Hi all,

so it seems I have solved the issue:
It is necessary to set up the domainControllerAddress IP according to this web help.

If you need to find out the IP address of the controller, try nslookup in your windows command prompt. After runing this command, you get the basic report of your setting.

After that I can list the users, but users report that IE pop-up the dialog for log in. With this it helped me to reorder the Providers of the Windows Authentication setting on IIS for webadaptor application. I put the NTLM provider to the first place.

If someone could explain me the provider issue, it would be nice. (What does it mean?)

Thanks.

View solution in original post

WilliamCraft · ‎04-08-2014

Try changing your user and role store back to ArcGIS Server Built-in, saving these changes, and then re-configuring your site to use Users and roles from an existing enterprise system (LDAP or Windows Domain) again. Something may have gotten hosed up during the upgrade and perhaps re-setting the user and role stores would help. Another possibility is that the credentials from the domain account used during the user and role store setup is no longer valid. Can you confirm that account is not locked?

ZdeněkJankovský · ‎04-08-2014

I tried to change it back to Built-In stores and again to domain. But it didn't help. Strange was, that the Test Connection button in the setting dialog worked fine. But after it, I am getting the same error message again.
User account is OK, I used my own account as the user for connection to domain as well as for ArcGIS Server user. I am logged with this account in my computer with ArcGIS Server.

I am using Windows 7 Enterprise, but I get the same error on Windows Server 2008 as well.

Thank you for any other suggestion,
Zdenek J.

ZdeněkJankovský · ‎04-08-2014

Well, I tried these points:

delete config store and created it again - same issue

un-install whole ArcGIS Server, clean the registry, clean config-store, clean Program Files folder install it again - after that get the same issue

tried to use AGSMembershipProvider.AGSADMembershipProvider according to web help and then it lists the users.

So it seems that there is some problem inside the server. I don't want to use nested groups, I need the whole domain, but it doesn't work as expected.
Any other suggestions?

Thank you,
Zdenek J.

ZdeněkJankovský · ‎04-09-2014

Hi all,

so it seems I have solved the issue:
It is necessary to set up the domainControllerAddress IP according to this web help.

If you need to find out the IP address of the controller, try nslookup in your windows command prompt. After runing this command, you get the basic report of your setting.

After that I can list the users, but users report that IE pop-up the dialog for log in. With this it helped me to reorder the Providers of the Windows Authentication setting on IIS for webadaptor application. I put the NTLM provider to the first place.

If someone could explain me the provider issue, it would be nice. (What does it mean?)

Thanks.