This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
BladeLogic Server Automation Suite
BladeLogic Server Automation
All BSA versions
Getting "No authorization to access host" error, when verifying or live browsing a Windows target server on TrueSight Server Automation (TSSA/BSA) console:
'rscd.log' shows the following messages
02/14/19 11:20:50.389 WARN rscd - XX.XX.XX.XX 3336 SYSTEM (BLAdmins:BLAdmin): CM: Failed to change to alternate user 02/14/19 11:21:51.280 ERROR rscd - TARGET 2696 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::initFromUsernameDomainW:LookupAccountNameW ; Error Message: No mapping between account names and security IDs was done. ; Auxiliary Error Message: Account: DOMAIN\admin ...
No authorization to access host" error on all Windows Server 2003 servers when using Automation Principal Domain Account to login.
05f49d3f620b85ba9d35 0000000009 09/19/12 14:51:29.447 ERROR rscd - xxxx 9976 SYSTEM (Not_available): (Not_available): authenticate_user failed ; Error Location: RSCD_WinUser::logonPassword:LsaLogonUser() ; Error Message: Logon failure: the user has not been granted the requested logon type at this computer. ; Auxiliary Error Message: email@example.com fcab39845310836b091e 0000000010 09/19/12 14:51:29.447 WARN rscd - xxx.xx.xx.xx 9976 SYSTEM (firstname.lastname@example.org): CM: Failed to change to alternate user ...
Automation principal is configured & associated with the role (such as 'BLAdmins') where the principal account does not exist or do not have appropriate privilege. Domain Account being mapped-to may not have the required "Logon as a batch job" privilege.
Check if any automation principal is associated with the role. If yes, make sure that the principal user account (configured for the automation principal) exists on the target server and has appropriate privileges.
Make sure that the user account is not listed in "Deny Log on as a batch job" local policy.
If automation principal is not intended, remove the role association from the automation principal.
Domain Account being mapped-to may not have the required "Logon as a batch job" privilege.
If you are using an automation principal for Microsoft Windows user mapping, the account you identify in this step must be granted the Windows "Logon as a batch job" privilege on each Windows server. To access this setting, use the Control Panel and go to Administrative Tools > Local Security Policy > Local Policies > User Rights Assignment. If you are using an automation principal for agent installation, you must grant the "Logon as a batch job" privilege to this account on the PsExec server.