【IAG】IAG Domain ADSSO cause Microsoft AD server keep prompt the error message
Product: IAM/IAGVersion: IAM11.0 and aboveDiscover Date: 03/11/2021
Phenomena:
Microsoft AD Server will keep prompt out the error message below inside the event log.
Event ID: 10036
Message: "The server-side authentication level policy does not allow the user %1\%2 SID (%3) from address %4 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application."
(%1 – domain, %2 – user name, %3 – User SID, %4 – Client IP Address)
IAM/IAG with Domain ADSSO enabled.
:
The AD domain has updated Microsoft's latest KB5005568 (the patch on win server 2019 is called this, and other system versions are not sure). After installed this Windowsm patch, the security level of the dcom connection will be required to reach the RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level. If this level is not reached, a security warning will be prompted , and the security level of the wmic tool integrated on the IAM/IAG device is the default level when creating a new dcom connection, which causes a large number of alarm logs to be generated every time we call the wmic tool to fetch logs from the domain. For patch information, Please refer to https://support.microsoft.com/en ... 2-941e-37ed901c769c
:
Step 1: Confirm whether IAM/IAG is using Microsoft AD Domain SSO.
Step 2: Confirm the event log is keep prompt out on the Microsoft AD server.
:
1. Kindly contact technical support for assistance. nice sharing Thank you very much for the information ... :handshake Nice article ... :handshake Great info ... :handshake Very informative ... :handshake Nice Guidance ... :handshake
page:
[1]