11 Replies Latest reply on Feb 17, 2016 7:51 AM by Namdeo Patil

    RSCD account failed to create on replicated DC

    Namdeo Patil

      Hi,

       

      Trying to install RSCD agent 8.6 SP1 on a Windows replicated DC, but it's always failing with the following error message in rscd.log.

       

       

      RSCD_UnprivilegedUser.cpp - Caught exception. Error code=1332, msg=No mapping between account names and security IDs was done.

      .

      .

      .

      [listen_thread:_create_bl_user] : The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. (Could not create the BladeLogic unprivileged user. Expect failures in user privilege mapping mode.)

      listen_thread ERROR: 9002:Internal Error - Caught exeception.

      Main: Wait Failed on handle. RSCD start failed.

      Main: **** RSCD shutdown clean (App) ****

       

      Tried the options below but no luck:

      1. Rebooted DC

      2. Set all DC policies.

      2. Created account in registry

      3. Set password for RSCD account in standalone system (this password is working for the domain account)

      4. Imported the same Bladelogic/Operations Manager/RSCD/E and S values from the standalone system to the DC.

      5. Restarted the RSCD agent on the DC but still getting the same error.

       

      Thanks in advance for any suggestions.

       

      Thanks,

      Namdeo

        • 1. Re: RSCD account failed to create on replicated DC
          Bill Robinson

          1 - why?  won't affect anything.

          2 - what policies specifically ?

          2 - how did you create an account in the registry?  what exactly did you do here ?

          3 -  ok, but how would this affect anything on a new domain controller ?

          4 - that won't work because there is a per-host salt that's used

          5 - on what DC ?

           

          so, you have at least one or more DCs that have a working rscd agent on them.  do you know if the BladeLogicRSCD password has been changed via chapw ?  if so, do you know the password ?  if so you should be able to follow the agentctl procedure here on the new DC: https://docs.bmc.com/docs/display/public/bsa86/Changing+the+BladeLogicRSCDDC+account+password+on+domain+controllers

          • 2. Re: RSCD account failed to create on replicated DC
            Namdeo Patil

            I'm not able to change the password on the DC because the RSCD service is down.

             

            Followed all steps in this doc:

            the "To create an alternate user name on multiple domain controllers" and "To change the BladeLogicRSCD account password on domain controllers" sections.

             

            We have 2 DCs, and RSCD is not working on any of them. Now uninstalled RSCD from both the DCs and tried on the primary DC first, but same issue.

             

            This is happening for 8.2--8.5.xx--and 8.6.x  agent version as well.

             

            Thanks,

            Namdeo

            • 3. Re: RSCD account failed to create on replicated DC
              Bill Robinson

              did you read the link ?

               

              Using the agentctl utility to change the password on a specific domain controller

              1. Shut down the RSCD agent (or ensure that it is down) on the domain controller where you want to change the BladeLogicRSCDDC account password.
              2. Run the following command on the domain controller:

                 

                > <full path to agentctl> <current password> <new password>

                 

                For example

                 

                > "C:\Program Files\BMC Software\BladeLogic\RSCD\agentctl.exe" currentPassword newPassword

                 

              • 4. Re: RSCD account failed to create on replicated DC
                Davorin Stevanovic

                If the user is not present because it did not meet policy standards, could you temporarily verify both domain group policy and local policy (run secpol.msc for local server policy) and lower password complexity or disable it for one minute.

                 

                Install the RSCD Agent and then change the password with Bill's suggestion; after that you can bring back the policy.

                 

                Thanks
                D.

                • 5. Re: RSCD account failed to create on replicated DC
                  Bill Robinson

                  ok, so i would try this:

                   

                  - stop the agent on both DCs

                  - delete the BladeLogicRSCDDC or BladeLogicRSCD account in the PDC emulator

                  - force replication to the other DC(s)

                  - delete the HKLM\Security\SAM\... keys for the user passwd on both boxes

                  - start the rscd service on the PDC emulator.

                  - does this agent work ?

                  - if so, force replication again from the PDC emulator

                  - start the rscd service on the other DC(s)

                  • 6. Re: RSCD account failed to create on replicated DC
                    Namdeo Patil

                    Hi Bill,

                     

                    Yes, tried with the agentctl command. It's accepting the password in the command prompt and I am entering a domain account password which is already working for one user, but again rscd failed to start with the same error.

                     

                    Also tried stopping the agent and deleting the account and the registry password value, but no luck.

                    • 7. Re: RSCD account failed to create on replicated DC
                      Bill Robinson

                      Can you try w/ the procedure i mentioned ?

                      • 8. Re: RSCD account failed to create on replicated DC
                        Namdeo Patil

                        Tried the steps below on the PDC emulator but same issue again:

                         

                        - stop the agent on both DCs

                        - delete the BladeLogicRSCDDC or BladeLogicRSCD account in the PDC emulator

                        - force replication to the other DC(s)

                        - delete the HKLM\Security\SAM\... keys for the user passwd on both boxes

                        - start the rscd service on the PDC emulator.

                        - does this agent work ?

                        - if so, force replication again from the PDC emulator

                        - start the rscd service on the other DC(s)

                         

                         

                        User Privilege Mapping enabled.

                        cc8076705e3b010ef746 0000000007 11/04/15 01:41:23.764 INFO     rscd -  xxxxxxxx 1496 SYSTEM (Not_available): (Not_available): The following domain user will be used by the agent for user privilege mapping: BladeLogicRSCDDC

                        43635cdf49f7605f1a50 0000000008 11/04/15 01:41:23.764 INFO     rscd -  xxxxxxxx 1496 SYSTEM (Not_available): (Not_available): RSCD_UnprivilegedUser.cpp - Caught exception. Error code=1332, msg=No mapping between account names and security IDs was done.

                        48577259abd32925b2a9 0000000009 11/04/15 01:41:23.764 INFO     rscd -  xxxxxxx 1496 SYSTEM (Not_available): (Not_available): Creating the following domain user for user privilege mapping: BladeLogicRSCDDC

                        bcbd4671a6a0534a5485 0000000010 11/04/15 01:41:23.826 ERROR    rscd -  xxxxxxxx 1496 SYSTEM (Not_available): (Not_available): [listen_thread:_create_bl_user] : The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. (Could not create the BladeLogic unprivileged user. Expect failures in user privilege mapping mode.)

                        e166e5204fc8d56cb53c 0000000011 11/04/15 01:41:23.826 ERROR    rscd -  xxxxxxxx 1496 SYSTEM (Not_available): (Not_available): listen_thread ERROR: 9002:Internal Error - Caught exeception.

                        e506497c6f17cf4b21ce 0000000012 11/04/15 01:41:23.842 ERROR    rscd -  xxxxxxxxx 5084 SYSTEM (Not_available): (Not_available): Main: Wait Failed on handle. RSCD start failed.

                         

                        Note: actual server name replaced with xxxxxxxxx
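
The failure chain visible in the log excerpt above (account lookup fails with error 1332, the agent then tries to create the account, and the create is rejected by password policy) can be picked out of rscd.log mechanically. The following is an added triage example, not part of the original thread and not BMC code; the field layout is inferred from the quoted lines, and the stage names, the `dc-placeholder` host and the sample line ids are constructed for illustration.

```python
import re

# Field layout inferred from the rscd.log lines quoted in this thread (an assumption).
LINE_RE = re.compile(
    r"^(?P<id>[0-9a-f]{20}) (?P<seq>\d+) (?P<date>\S+) (?P<time>\S+) "
    r"(?P<level>[A-Z]+)\s+rscd -\s+(?P<host>\S+) (?P<pid>\d+) (?P<user>\S+) "
    r"\([^)]*\): \([^)]*\): (?P<msg>.*)$"
)

# Message fragment -> stage name (stage names are made up for this example).
STAGES = [
    ("Error code=1332", "account_not_found"),  # Win32 ERROR_NONE_MAPPED
    ("does not meet the password policy", "create_rejected_by_policy"),
    ("RSCD start failed", "agent_start_failed"),
]

def diagnose(lines):
    """Return account, host and the ordered failure stages found in the log."""
    out = {"account": None, "host": None, "stages": []}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything in another layout
        out["host"] = m["host"]
        acct = re.search(r"user privilege mapping: (\S+)", m["msg"])
        out["account"] = acct.group(1) if acct else out["account"]
        for fragment, stage in STAGES:
            if fragment in m["msg"] and stage not in out["stages"]:
                out["stages"].append(stage)
    return out

def policy_blocked_creation(report):
    """True when a missing account is followed by a policy-rejected create."""
    return report["stages"][:2] == ["account_not_found", "create_rejected_by_policy"]

def _line(seq, level, pid, msg):
    # Constructed log line: id and host are placeholders, not real values.
    return (f"{'0' * 20} {seq:010d} 11/04/15 01:41:23.764 {level:<8} rscd -  "
            f"dc-placeholder {pid} SYSTEM (Not_available): (Not_available): {msg}")

SAMPLE = [  # constructed, modelled on the excerpt posted above
    _line(7, "INFO", 1496, "The following domain user will be used by the agent for user privilege mapping: BladeLogicRSCDDC"),
    _line(8, "INFO", 1496, "RSCD_UnprivilegedUser.cpp - Caught exception. Error code=1332, msg=No mapping between account names and security IDs was done."),
    _line(10, "ERROR", 1496, "[listen_thread:_create_bl_user] : The password does not meet the password policy requirements."),
    _line(12, "ERROR", 5084, "Main: Wait Failed on handle. RSCD start failed."),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE), policy_blocked_creation(diagnose(SAMPLE)))
```

A report where `policy_blocked_creation` is true points at the domain password policy rather than at replication or a stale registry value, which is the conclusion reached in the next reply.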

                        • 9. Re: RSCD account failed to create on replicated DC
                          Bill Robinson

                          so xxxx here is the pdc emulator ?

                           

                          then i think the problem is your password policy as davorin mentioned.  is it possible to modify the password policy on the domain controller gpo ?

                           

                          otherwise - on the domain controller install the rscd uses one of 3 default passwords so what we may need to do is to use the agentctl method to change the password, trying each of the 3 passwords until we can do the change, and specifying a new default password, then doing the same on the other DCs - note that will only work w/ 8.6+ agents.  you can open a ticket to get the passwds, let me know the #

                          • 10. Re: RSCD account failed to create on replicated DC
                            Namdeo Patil

                            Thanks for your reply Bill, yes  xxxxx is the PDC emulator.

                             

                            BMC ticket #ISS04550577


                            • 11. Re: RSCD account failed to create on replicated DC
                              Namdeo Patil

                              Thanks Bill,

                               

                              Able to change the BladeLogicRSCDDC account password on domain controllers with new RSCD binary.