• State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Subscribers 95 subscribers
  • Views 4415 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue saving DGE service account in manager 7.1.2

pacman_d
over 7 years ago

Hey Folks,

So I have installed the DGE bits and configured my AD Accounts as the data governance administrators. The Data Governance views in manager render the managed hosts as expected. 

 

The next step however (keep me honest here) is to add the service account, and start installing agents on hosts. The problem I am having is that when I attempt to set the service account in our domain, I am getting a bad password error.

I have quadruple checked the password and I know that it is good.

This is the error:

 

[1025012] Object (QDGE-Service-User) could not be saved!
[810306] Error during execution of 'OnSaving' in logic module 'QAMServiceAccount'.
	at VI.DB.Entities.EntitySingleDbObject.<>c__DisplayClass36_0.<<Save>b__0>d.MoveNext()
	at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
	--- End of stack trace from previous location where exception was thrown ---
	at VI.DB.Entities.EventUnitOfWork.<PutAsync>d__2.MoveNext()
	at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
	--- End of stack trace from previous location where exception was thrown ---
	at VI.DB.Entities.PermissionsUnitOfWork.<PutAsync>d__10.MoveNext()
	at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
	--- End of stack trace from previous location where exception was thrown ---
	at VI.DB.Entities.EventUnitOfWork.<PutAsync>d__2.MoveNext()
	at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
	--- End of stack trace from previous location where exception was thrown ---
	at VI.DB.Entities.UnitOfWorkImpl.<PutAsync>d__37.MoveNext()
	at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
	--- End of stack trace from previous location where exception was thrown ---
	at VI.DB.Entities.DbEntitySink.<PutAsync>d__15.MoveNext()
	at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
	--- End of stack trace from previous location where exception was thrown ---
	at VI.DB.Entities.InteractiveSaveEntityStrategy.<OnSavingAsync>d__3.MoveNext()
	at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
	--- End of stack trace from previous location where exception was thrown ---
	at VI.DB.Entities.CombinedEntityLogic.<_CollectChangesAsync>d__28.MoveNext()
Quest.Titan.Common.Exceptions.ExternalException: System.ComponentModel.Win32Exception: The user name or password is incorrect
	at VI.DB.Entities.CombinedEntityLogic.<_CollectChangesAsync>d__28.MoveNext()
	at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
	at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
	--- End of stack trace from previous location where exception was thrown ---
	at VI.DB.Customizer.<VI-DB-Entities-IEntityLogic-OnSavingAsync>d__71.MoveNext()
	at VI.DB.Customizer._CollectEvents(IEntity entity, Action action)
	at Quest.Titan.Client.Q1IM.Customizer.QAMServiceAccount.OnSaving()

 

What am I missing here? I was following your video tutorials as I was configuring this so perhaps I missed a step.

Would be nice to demonstrate what is possible here with my colleagues but I cant get past this one thing.

  • A couple of notes:
     
    • I have tried logging into manager with employee role based, AD Role based, and system account based
      • I do not have a system account mapped to my person record however, could that be an issue?

    • Logged into the management server with my domain admin account

    • This domain admin account is linked to my person record.

    • My person record has all of the administrator roles, including the Data Governance Administrator role.
       
    • This is also being installed with an existing Identity Manager Instance (same version)

Any insights would be most welcome.

 

Thanks!

Parents
  • 0 over 7 years ago
    Hello,

    - Are you able to log into the machine hosting the DGE service using those same credentials? (if you can't, then that would definitely be a problem).
    - What account is the DGE service running as (LocalSystem or as a service account)?
    - Is there anything in the DGE service log? If you enable DEBUG logs, is there anything else? To turn on DEBUG logging on the server, try the following:
    1. Locate the Dell.DataGovernanceEdition.Service.exe.config file in the Data Governance service installation directory.
    2. Open the configuration file and edit the following setting:
    <rules>
    <logger name="*" minlevel="INFO" writeTo="logfile">
    3. Change INFO to DEBUG to get detailed logging.
    4. Save the file.

    - What about trying using DGE PowerShell command Add-QServiceAccount instead of through the Manager:
    support.oneidentity.com/.../32

    Having a system account mapped to your person record should not matter. As long as the account that you are logged into the computer as (in your case, domain admin), is associated with a Person object that has the DGE roles, you should be good.

    In the meantime, I'll consult with the team to see if they have any other suggestions.

    Matt
Reply
  • 0 over 7 years ago
    Hello,

    - Are you able to log into the machine hosting the DGE service using those same credentials? (if you can't, then that would definitely be a problem).
    - What account is the DGE service running as (LocalSystem or as a service account)?
    - Is there anything in the DGE service log? If you enable DEBUG logs, is there anything else? To turn on DEBUG logging on the server, try the following:
    1. Locate the Dell.DataGovernanceEdition.Service.exe.config file in the Data Governance service installation directory.
    2. Open the configuration file and edit the following setting:
    <rules>
    <logger name="*" minlevel="INFO" writeTo="logfile">
    3. Change INFO to DEBUG to get detailed logging.
    4. Save the file.

    - What about trying using DGE PowerShell command Add-QServiceAccount instead of through the Manager:
    support.oneidentity.com/.../32

    Having a system account mapped to your person record should not matter. As long as the account that you are logged into the computer as (in your case, domain admin), is associated with a Person object that has the DGE roles, you should be good.

    In the meantime, I'll consult with the team to see if they have any other suggestions.

    Matt
Children
No Data