Error the service account is not a member of a windows administration group of one or more domains.

  • 7013374
  • 26-Sep-2013
  • 08-Jan-2014

Environment

NetIQ Directory & Resource Administrator 8.7

Situation

When adding a managed domain, you receive an error stating that the service account is not a member of a Windows administration group of one or more domains. In addition, when you look at the user accounts in DRA, they are not shown as being members of any groups.

FIPS is enabled on the DRA Server.

Resolution

The workaround for this issue is to create a config file in the <installation Directory>\NetIQ\DRA\X64 folder that tells CacheLoader.exe to ignore FIPS. The one call that uses an MD5 hash is not security or authentication related; it is used solely to generate unique IDs for the Mongo database.

To resolve this issue:

    1. Navigate to the <installation Directory>\NetIQ\DRA\X64 directory.

    2. Create a file named DRACacheLoader.exe.config.

    3. Open DRACacheLoader.exe.config with Notepad.

    4. Paste the text below into the DRACacheLoader.exe.config file:

          <?xml version="1.0" encoding="utf-8" ?>
          <configuration>
              <runtime>
                  <enforceFIPSPolicy enabled="false"/>
              </runtime>
          </configuration>

    5. Save the file.

    6. Perform a Full Accounts Cache Refresh from the Delegation and Configuration Console for each of your domains:
       Configuration Management > Managed Domains > double-click your domain(s) > Full refresh > Refresh Now
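
Steps 1 through 5 can also be scripted and checked, as in the following PowerShell sketch. It is an added example, not NetIQ-supplied code: it writes the same file, reads it back to confirm the setting, and lists every config file in the folder that carries this FIPS exemption so the exception can be tracked. The $DraDir parameter is an assumed placeholder for the <installation Directory>\NetIQ\DRA\X64 path; step 6 is still performed in the console.

```powershell
# Added example, not NetIQ code. $DraDir is an assumed placeholder for the
# <installation Directory>\NetIQ\DRA\X64 folder on the DRA server.
param([Parameter(Mandatory)] [string] $DraDir)
$ErrorActionPreference = 'Stop'
$DraDir = (Resolve-Path -LiteralPath $DraDir).Path   # fails if the folder is missing

# 1. Report the system-wide FIPS policy (1 = enabled). It is only read, never changed.
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$fips = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
Write-Host "System FIPS policy Enabled = $fips"

# 2. Write the config from step 4. Refuse to overwrite a file that already exists.
$configPath = Join-Path $DraDir 'DRACacheLoader.exe.config'
if (Test-Path -LiteralPath $configPath) {
    throw "$configPath already exists; review it by hand instead of overwriting."
}
$config = @'
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <runtime>
        <enforceFIPSPolicy enabled="false"/>
    </runtime>
</configuration>
'@
# UTF-8 without a BOM, so the XML declaration is the first thing in the file.
[System.IO.File]::WriteAllText($configPath, $config, (New-Object System.Text.UTF8Encoding($false)))

# 3. Read the file back as XML and confirm the setting landed as intended.
[xml] $parsed = Get-Content -LiteralPath $configPath -Raw
$setting = $parsed.configuration.runtime.enforceFIPSPolicy.enabled
if ($setting -ne 'false') { throw "Unexpected enforceFIPSPolicy value: '$setting'" }

# 4. Inventory: print every config file in the folder that disables FIPS enforcement.
Get-ChildItem -LiteralPath $DraDir -Filter '*.config' -File | ForEach-Object {
    try { $x = [xml](Get-Content -LiteralPath $_.FullName -Raw) } catch { return }
    if ($x.configuration.runtime.enforceFIPSPolicy.enabled -eq 'false') { $_.FullName }
}
```

The <enforceFIPSPolicy> element in an application config file affects only that executable; the system-wide FIPS policy reported in step 1 of the script stays as it was.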

Cause

This is an issue with the MongoDB C# driver running on a FIPS-compliant server. This is a known issue with the C# driver that is expected to be fixed in the next release of MongoDB.