• State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 94 subscribers
  • Views 9148 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DGE No Suitable group found

Jaipal.Sivaiah
over 8 years ago

Hi All,

        I have configured Windows Managed host and added a folder under governance and published folder to IT Shop. System able to get resource activity etc.. As well as assigned Read and ReadWrite groups to published folder. Then executed a Request Access from D1IM web portal for published folder.

But VI_PersonWantsOrg_PrefillITShopOrgFinalForGroup script unable to get suitable groups and ended up with error while running funciton called VI_GetMostSuitableGroupDN.  Here are the details:

 

Error: A call to SSPI failed, see inner exception

Parameters for call were:  xxx - NTFS\Folder - RequestWriteAccess -xxxxx

No Suitable group found.

 

I'm using Windows Authentication to connect SQL, NOT SQL ACCOUNT.  So DGE Server Service running under Service Account NOT LOCAL Account

Agent is running same service account.

Environment Details:

Version: D1IM 7.1

DB: MS SQL Server 2012

Any idea what could be causing this issue?

 

Thanks,

Jaipal.

  • 0 over 8 years ago
    Is the identity manager job service (the one specified as the data governance connector) on the same machine as the DGE service? If so, try using a different job service, if possible. One that's not on the same machine.

    DGE agent isn't involved in this scenario.

    Last resort is to change the DGE SQL connection back to SQL authentication. Can either use the powershell commands for reinitializing the DGE service, first setting it to run as local system. Or just run through the DGE deployment wizard again.
  • 0 over 8 years ago
    Hi All,
    Job Server, DGE Server and Managed Host servers are separate servers. I tried with Local System account, it didn't work. Always ending with "Error: A call to SSPI failed, see inner exception" Error.

    Thanks in advance.
  • 0 over 8 years ago

    Hi Jaipal,

     

    Were you able to get this resolved? i am having the same issue

     

    2017-03-30 10:42:38 +03:00 - VI.JobService.JobComponents.ScriptComponent - 8417d46b-37de-468a-9d26-6a335a02b791: Errors occured
    Script: VI_GetMostSuitableGroupDN
    Error: Quest.Titan.Common.Exceptions.SystemPlatform.AccessDeniedException: Access was denied while attempting to perform the requested operation.
    Parameters for call were: ARABBANKING - NTFS\Folder - RequestReadAccess - \\ABCBHSAN\E$\DATA\INFOSEC\B. MANAGEMENT\B02. BUSINESS CONTINUITY & DISASTER RECOVERY
    Script: VI_PersonWantsOrg_PrefillITShopOrgFinalForGroup
    No suitable group found.
    [810222] Error executing script 'VI_PersonWantsOrg_PrefillITShopOrgFinalForGroup'.
    [System.Exception] Error in script VI_PersonWantsOrg_PrefillITShopOrgFinalForGroup
    [810306] Error during execution of 'OnSaved' in logic module 'QER.Customizer.PersonWantsOrg'.
    [810092] File system access - Infosec02, Test - 3/30/2017 10:41:56 AM was changed by another user.
       at StdioProcessor.StdioProcessor._Execute(Job job)
       at VI.JobService.JobComponents.ScriptComponent.Activate(String task)
       at VI.JobService.JobComponents.ScriptComponent._TaskScriptExec()
       at VI.DB.Scripting.ScriptRunner.Eval(String key, Object[] parameters)
       ---- Start of Inner Exception ----
       at DynScripts.ProductScripts_eUd1OqE22xcJ1mQWCY7nvks.VI_PersonWantsOrg_PrefillITShopOrgFinalForGroup(String uidPersonWantsOrg)
       ---- Start of Inner Exception ----
       at DynScripts.ProductScripts_eUd1OqE22xcJ1mQWCY7nvks.VI_PersonWantsOrg_PrefillITShopOrgFinalForGroup(String uidPersonWantsOrg)
       at VI.DB.Entities.EntitySingleDbObject.Save()
       at VI.Base.SyncActions.Do(Func`1 action)
       at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
       at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
       ---- Start of Inner Exception ----
       at VI.DB.Entities.EntitySingleDbObject.<>c__DisplayClass36_0.<<Save>b__0>d.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.Entities.EventUnitOfWork.<PutAsync>d__2.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification

     

    DGE service and job server are running on different servers. 

     

    Regards

  • 0 over 8 years ago

    Hi Jaipal,

    I am no DGE expert but I think the Job Service executing the script has to run with a windows account not local system. The account also needs the correct permissions in terms of Data Governance roles inside of Identity Manager.

     

  • 0 over 8 years ago
    muhammadarsl ,

    If you look at the "Data Governance Service.log" on your DGE server, it will have additional information. An "AccessDeniedException" appears to be an issue with the account that is used to query the groups that exists on your share/folder. You could try to use the Manager UI and browse that share/folder and see if you get an exception message.
  • 0 over 8 years ago
    Hi,

    Thank you for the response. I went and checked the Data Governance Service.log, i was getting this exact error. After configuring one server(which worked correctly as i configured the service using the service account) i had to configure another server with a different service account. This i did directly from the manager. After going through the documentation multiple times i found out that the service account must have Permissions on the DGE activity database in addition to the DGE application roles. After giving the correct permissions on the DB, the groups are showing up in the requests. :)