If you cannot log on to Security Center using your Windows Active Directory (AD) credentials, there might be an issue with your system setup. With Active Directory integration, your connection options differ depending on where your workstation is located on the network. To help you troubleshoot the issue, learn about its possible causes and solutions.
User groups not imported
Description of cause: You might have only imported the AD security groups as cardholder groups and not as user groups in Security Center.
Solution: In the Properties tab of the Active Directory role, make sure the As user group option is selected for the security group under Synchronized groups. If the As user group option is not selected, select it and click Synchronize.
Imported users missing Security Center privileges
Description of cause: The AD user groups are imported but the groups are not assigned any privileges in Security Center.
Solution: Assign privileges to the imported user groups in Config Tool. See Assigning privileges to users.
Server hosting the AD role not part of the domain
Description of cause: The server that is hosting the Active Directory role in Security Center is not part of the same domain as the AD server, which is a requirement to import AD security groups as user groups in Security Center.
To verify if the servers are part of the same domain: Open Windows Control Panel on the Active Directory role server and click . If the Workgroup option lists WORKGROUP and the Domain option is not displayed, it means that the server is not part of a domain.
- On the server that is hosting the Active Directory role, open the System page in Windows Control Panel.
- Click .
- Select Domain, type the domain name of the AD server, and enter the credentials of a valid user on that domain.
Tip: Use the domain administrator or a user who has enough privileges on the AD. If you are unsure which user has enough privileges, you can check using AD Explorer on the AD server. For more information about using AD Explorer, see Microsoft documentation.
If failover is configured for the Active Directory role, perform the same troubleshooting step on the secondary server.
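The domain membership check described above can also be scripted so that the primary and secondary servers are checked in one pass. The following is an added example, not part of the Security Center documentation; the server names and domain name are placeholders, and it assumes WinRM is enabled on the servers being queried.

```powershell
# Added example: report whether each server hosting the Active Directory role
# is joined to the expected domain. Names passed in below are placeholders.
function Test-RoleServerDomain {
    param(
        # Primary server and, if failover is configured, the secondary server
        [Parameter(Mandatory)] [string[]] $ComputerName,
        # DNS name of the domain that the AD server belongs to
        [Parameter(Mandatory)] [string] $ExpectedDomain
    )
    foreach ($name in $ComputerName) {
        try {
            # Win32_ComputerSystem exposes PartOfDomain, Domain and Workgroup
            $cs = Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $name -ErrorAction Stop
        }
        catch {
            [pscustomobject]@{
                Server = $name; PartOfDomain = $null; Domain = $null
                Status = "Query failed: $($_.Exception.Message)"
            }
            continue
        }
        $status = if (-not $cs.PartOfDomain) {
            # Same condition as the Control Panel showing WORKGROUP and no Domain
            "Not joined to a domain (workgroup '$($cs.Workgroup)')"
        } elseif ($cs.Domain -ine $ExpectedDomain) {
            'Joined to a different domain than the AD server'
        } else {
            'OK'
        }
        [pscustomobject]@{
            Server = $name; PartOfDomain = $cs.PartOfDomain
            Domain = $cs.Domain; Status = $status
        }
    }
}

# Placeholder server and domain names; replace with your own.
Test-RoleServerDomain -ComputerName 'SC-AD-PRIMARY', 'SC-AD-SECONDARY' `
    -ExpectedDomain 'corp.example.com' | Format-Table -AutoSize
```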
Domain name not specified
Description of cause: You have a large AD setup with multiple domains. As a result, even if your Config Tool or Security Desk workstation is on the same domain as the AD server, you must specify the domain name when you log on to Security Center.
The domain name is also required if you log on to Security Center using VPN or from a machine that is on a remote network.
- User@domain.com (Fully Qualified Domain Name or FQDN)
- User@domain
- domain\user
Windows user does not have correct permissions
Solution: Make sure that the user running the Genetec™ Server service on the server hosting the Active Directory role has permission to access Windows Active Directory. For a list of required permissions, refer to the related Global catalog attributes.
If failover is configured for the Active Directory role, perform the same troubleshooting step on the secondary server.
No authorization agent found
- There is a problem with the Active Directory role.
- The AD user does not exist in Security Center.
- The Active Directory role user does not have permission to access the AD service.
- After the Active Directory role was connected to the AD server, the role was not synchronized with the AD.
- Verify that the Active Directory role is online and does not have any warnings or errors. Fix any errors that are found.
- Check if the AD user was imported in Security Center from the User management task in Config Tool. If the user is not listed, on the AD server make sure that the user is part of a security group that was imported in Security Center.
- On the AD server, check if the Active Directory role user has permission to access the AD service. Give that user permission on the AD service or connect the Active Directory role to the AD server using a different user who has the correct permissions.
- Manually synchronize the Active Directory role with the AD server.
Performance issues
Description of cause: If logging on is slow or a timeout occurs, it might be due to low resources on the Security Center client or server, or it might be an issue on the AD side.
- If it still takes a long time for you to log on, make sure there are enough resources to run your local Security Center system. You can check the following:
- On the main server, open the Windows Task Manager and check the CPU and memory. High CPU or memory might indicate a resource issue on your local system.
- Check if it takes a long time to log on to Windows.
- Make sure that your system meets the hardware and software requirements outlined in the Security Center System Requirements.
- If the logon is faster with a local Security Center user, the issue might be on the AD side. Have the IT department of the AD system check for network issues or shortages. Otherwise, you can open a support case by contacting the Genetec™ Technical Assistance Center (GTAC).