0 votes

Service account has Create / Delete all child object perms for this object and all descendant objects

Softerra.Adaxes.Directory.Configuration.AdaxesConfigurationException: Failed to create or update the service connection point in domain.com'. ---> Softerra.Adaxes.ServiceLocation.ServiceConnectionPointException: Access is denied. ---> System.DirectoryServices.Protocols.DirectoryOperationException: The user has insufficient access rights. at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut) at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout) at Softerra.Adaxes.ServiceLocation.ServiceConnectionPointManager.EnsureContainerExists(String distinguishedName) at Softerra.Adaxes.ServiceLocation.ServiceConnectionPointManager.GetContainerDistinguishedName(ServiceConnectionPointLocation location) --- End of inner exception stack trace --- at Softerra.Adaxes.ServiceLocation.ServiceConnectionPointManager.GetContainerDistinguishedName(ServiceConnectionPointLocation location) at Softerra.Adaxes.ServiceLocation.ServiceConnectionPointManager.CreateDistinguishedName(String commonName, ServiceConnectionPointLocation location) at #7e.#df.#lyc(NtdsDirectoryIdentifier directoryId, NetworkCredential credential, ServiceConnectionPointLocation location) at #7e.#df.#lyc(OnPremiseManagedDomain managedDomain) --- End of inner exception stack trace ---

by (280 points)

1 Answer

0 votes
by (14.1k points)

Hello,

The error means that the account used to manage the domain in Adaxes (domain service account) does not have native Active Directory permissions to create service connection points under the System built-in container. If you are using the Adaxes service account (specified during the installation) to manage the domain in Adaxes, the permissions are also required. For more details about the accounts and required permissions, have a look at the following help article: https://www.adaxes.com/help/PermissionsOfDomainServiceAccount.

0

Can you expand a bit on the Sytem OU? I dont think I see anything referencing it in the documentation you linked.

0

Hello,

During the Adaxes service start, two types of service connection points (SCPs) are created. One SCP is created under the computer where the Adaxes service runs. It is used by Adaxes clients (Administration console, Web interface, etc.) to locate the Adaxes service. This SCP is created using the credentials of the Adaxes service account. Another set of SCPs is created in the System\Softerra\Softerra Adaxes container of each domain managed by Adaxes. These SCPs are used to populate the settings for the Adaxes Self-service client. The SCPs are created using the credentials of the corresponding domain service account.

0

Is there any way to disable this if we don't plan on using the Self-Service client at all?

0

Hello,

Unfortunately, there is no possibility of disabling the creation of SCPs used to populate the setting for the Password self-service client. However, if you are not using the client, you can safely ignore the error in the Adaxes event log.

Related questions

0 votes
0 answers

Upgraded to the latest adaxes release yesterday and now this morning we are not able to access our self-service portal. We have rebooted our server and verified our adaxes service is successfully connected our domains. Any help would be appreciated, thank you!

asked Mar 14 by dhodgin (40 points)
0 votes
1 answer

When I attempt to start the Adaxes service, it immediately stops. This is the error I see in the event viewer: The service terminated with an error. System. ... at Softerra.Adaxes.Initializer.Shutdown() Is there anything I can do to fix this?

asked Aug 12, 2021 by LiloKira (20 points)
+1 vote
1 answer

After installing our second Adaxes service and joining it to the configuration via shared configuration like the install guide said (https://www.adaxes.com/resources/InstNotes. ... ?" I am an administrator and login just fine to our first node.

asked Dec 10, 2019 by mark.it.admin (2.3k points)
0 votes
1 answer

Hi, We've recently started seeing users get 'Unable to connect to nearest Adaxes service' errors when accessing the Adaxes web portal. It's far too vague\random to have an idea ... last night to see if that fixed it, but we have had the issue again today.

asked Dec 13, 2013 by firegoblin (1.6k points)
0 votes
1 answer

hello, We are doing poc for Adaxes software. Our need: Adaxes as front end to manage multiple isolated domains with no trust e.g. Domain A, Domain B. We deployed ... domain B always gives error "User or password is not correct". Is this toplogy supported

asked Jul 11 by VBahubali (40 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users