Troubleshooting: DomainService is not doing the “right” thing

Issue: You have installed the DomainService and it isn’t listed in the Management Console, OR it is listed in the Management Console but no users are showing up in the Tech Client for anyone, OR the user accounts are created in the wrong OU or without the correct rights, OR passwords aren’t rotating, OR etc…

Something just isn’t right. Let’s do some troubleshooting:

Let’s start with the simple and common and work toward the less common. 

  • Is the Domain Service running on the DC if you are making domain accounts? Check for a service named “RuffianDomainService” and make sure it is running. If it is not running, start it. Run “DomainService.exe start” as described in this documentation on the DomainService.
  • Is the Domain Service running on the computer if you are making local admin accounts or using TechIDManager LAPS? Check for a service named “RuffianDomainService” and make sure it is running. If it is not running, start it. Run “DomainService.exe start” as described in this documentation on the DomainService.
  • Is there a Triplet that grants some techs Rights on that Domain? Look at the Management Console and click on “Reports” -> “Triple Access Report”. Select the Domain in question from the drop down at the top and ensure that the users you expect to have accounts on that Domain have at least 1 Right on that Domain. If they don’t, create Groups and a Triplet such that users are granted rights. See this documentation on Triplets.
  • Is there an error in the DomainService.log? In the directory where the DomainService is installed there is a file named “DomainService.log” (don’t confuse it with DomainService.InstallLog). This is a log of all the actions and errors of the DomainService. Check for an error near the end of this file. 
  • Some Errors in DomainService.log and how to address them.
    • System.DirectoryServices.AccountManagement.PasswordException: The password does not meet the password policy requirements. – This is usually caused by a password length greater than 16 characters on an SBS domain (or a domain migrated from SBS). The solution to this is to use a 16 character password on that domain. This can be set with the “passwordlength” option on the DomainService as described in this documentation on the DomainService.
    • System.UnauthorizedAccessException: Access is denied. – This is rare and usually indicates an AD setup issue. 
      • Is there a setup issue with AD? Can you manually do the same things DomainServices is trying to do? 
      • Is the DomainService running on the DC? The most common reason for “Access is denied” is not running the DomainService on a DC.
      • Is the RuffianDomainService service running as Local System? 
      • Is there any virus or protection software running that could be preventing access, and do those logs show anything?
    • System.DirectoryServices.AccountManagement.PrincipalServerDownException: The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable. – This indicates that AD still references a DC that is offline or “tombstoned”. This is an AD setup issue, and the references to the old, off, or decommissioned DC need to be removed from AD.
    • System.DirectoryServices.ActiveDirectory.ActiveDirectoryServerDownException: The server is not operational. – This indicates that AD still references a DC that is offline or “tombstoned”. This is an AD setup issue, and the references to the old, off, or decommissioned DC need to be removed from AD.
    • System.IO.FileNotFoundException: Could not load file or assembly 'Newtonsoft.Json, Version=12.0.0.0, Culture=neutral,... – This indicates that not all the files from the distribution zip file were copied to the same directory. 
    • System.DirectoryServices.AccountManagement.MultipleMatchesException: Multiple principals contain a matching Identity.... – This indicates that two accounts were created for a tech. This is usually caused by installing the DomainService on two DCs in the same AD, and both have created the accounts for the techs before a sync of the trees between DCs. The solution is to uninstall DomainService from one of the DCs and delete one (or both) of the duplicate accounts for each tech.  The remaining DomainService will manage (or recreate) the account for each tech.
  • If none of these suggestions are able to fix your issue, please contact Support@RuffianSoftware.com. We are here to help.
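
The service and log checks from the list above can be run in one pass with a short script. This is an added example, not part of the DomainService distribution; the install path is a placeholder you must set, and the script assumes only that the exception type names shown above appear verbatim in DomainService.log.

```powershell
# Added example: first-pass triage of the service and log checks listed above.
# Assumption: $InstallDir is where DomainService.exe was unpacked (placeholder path).
param(
    [string]$InstallDir = 'C:\Path\To\DomainService',
    [int]$Tail = 200
)

# 1. Is the service present, running, and running as Local System?
$svc = Get-CimInstance Win32_Service -Filter "Name='RuffianDomainService'"
if (-not $svc) {
    Write-Warning 'RuffianDomainService is not installed on this machine.'
} else {
    if ($svc.State -ne 'Running') {
        Write-Warning "Service state is $($svc.State); start it with 'DomainService.exe start'."
    }
    if ($svc.StartName -ne 'LocalSystem') {
        Write-Warning "Service runs as '$($svc.StartName)', not Local System."
    }
}

# 2. Exception types from the list above, with what each usually indicates.
$known = [ordered]@{
    'PasswordException'                  = 'Password policy: try the "passwordlength" option (16 on SBS domains).'
    'UnauthorizedAccessException'        = 'Access denied: check AD setup, DC placement, Local System, AV logs.'
    'PrincipalServerDownException'       = 'A referenced DC is offline or tombstoned; clean up AD.'
    'ActiveDirectoryServerDownException' = 'A referenced DC is offline or tombstoned; clean up AD.'
    'FileNotFoundException'              = 'Not all files from the distribution zip are in the install directory.'
    'MultipleMatchesException'           = 'Duplicate tech accounts; DomainService may be installed on two DCs.'
}

# 3. Scan the end of DomainService.log (not DomainService.InstallLog).
$log = Join-Path $InstallDir 'DomainService.log'
if (-not (Test-Path -LiteralPath $log)) {
    Write-Warning "No log at $log; check the install directory."
    return
}
$lines = Get-Content -LiteralPath $log -Tail $Tail
foreach ($type in $known.Keys) {
    $hits = @($lines | Select-String -SimpleMatch $type)
    if ($hits.Count -gt 0) {
        [pscustomobject]@{
            Exception = $type
            Count     = $hits.Count
            LastLine  = $hits[-1].Line
            Hint      = $known[$type]
        }
    }
}
```

Run it from an elevated PowerShell prompt on the machine where the DomainService is installed; no output from step 3 means none of the listed exceptions appear in the last 200 log lines.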