[KBA-00994] How to Troubleshoot Active Directory Role Configuration Problems in Security Center 5.x - Security Center 5.0 - 5.1

series
Security Center 5.0 - 5.1
revised_modified
2012-07-03

[KBA-00994] How to Troubleshoot Active Directory Role Configuration Problems in Security Center 5.x

This article contains solutions to common configuration problems when setting up the Active Directory component of your Security Center 5.x system.

Summary

While setting up an Active Directory role in a Security Center 5.0 or 5.1 system, there are some common issues that may be encountered. Please check the list of problems and resolutions below.

More Information

Problem 1:

When trying to create a new role in Config Tool, the Active Directory role does not show up as an option in the list.

Solution:

You will need to be logged in with the Admin account in order to create the Active Directory role.

Problem 2:

The Active Directory role is in red in the entity tree.

Solutions:

  1. Open a System task, click on the Roles section below the task bar, and click on the Active Directory role. Click on the Properties tab on top. Verify the server name or IP address in the Active Directory field. If the Security Center server running the Active Directory role is unable to reach the Active Directory server, it will not be able to verify the user credentials.
  2. In the Properties tab of the Active Directory role, if the Status is Error: Connection to Active Directory denied. Check service permissions or Server invalid credentials, there is a problem with the credentials being used by the role.
    • When the Use Windows credentials of the server hosting the role option is checked, the logon parameters of the Genetec Server service will be used. To change the user the Genetec Server service is logging on as, click on the Windows Start button, and run services.msc. Right-click on the Genetec Server service and click on Properties. Click on the Log On tab on top, choose This account and specify the credentials to use.
    • If the Use Windows credentials of the server hosting the role option is not checked, you will need to provide the username and password of the account used to contact the Active Directory server.
  3. The user the Genetec Server service is logging in with must have read access to the Active Directory server, must be a member of the domain, and have local administrator rights.
Problem 3:

The Active Directory users are not present in the Users section of the Security task.

Solution:
  1. In the System task, under the Roles section, click on the Active Directory role and click on the Properties tab.
  2. Under the Synchronized groups section, verify that the groups are listed. If not, import the groups.
  3. Next to the group name, verify if the group has been added as a user group. You can check the user groups in the Security task or section to see if the groups have been imported.
  4. Also, verify if the Create user on first logon box has been checked for the group. In this case, the user will not show up in the system until the first time the person logs into the system, and it is normal not to see the user account in Security Center until they do.

If you are still unable to bring the Active Directory role online or have other issues with your Active Directory users within Security Center, please contact the Genetec Technical Assistance Center (GTAC).