Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations gmmastros on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remedy 5.1.1 and Active Directory

Status
Not open for further replies.

mtownbound

Technical User
Jan 28, 2002
293
US

Trying to install 5.1.1 on a Server 2K domain, but having some serious RPC problems.

The server is in a domain and the Oracle db is on a remote machine. Successfully installed AR with no hiccups. Try to log into Admin and receive error "ARERR [90] Cannot establish a network connection to the AR System".

If we go through svrmgr and use the Remedy login account that was created during the install, we can successfully login and see all the objects that were installed.

However, if we "unjoin" the domain and perform a local install in the workgroup, we can log into Remedy and the db with no problems.


Thanks ahead for any help!!!!
 
MtownBound,

Have you found a resolution to this problem. I am having the exact same problem here. Let me know via email at holmanr@dmshelp.navy.mil or rntcj7@cox.net.....thanks in advance.

Ron
 

Yeah, we finally figured it out, but it was a combination of registry, port, and permission problems. Is your problem exactly the same? What errors are you getting?
What troubleshooting have you done? If you can, attach some screenshots of your local machine\software\remedy folder and your remedy installation screens, I can compare them to ours.
 
I was thinking it was something like that...our problem is exactly what you are getting. The error is "ARERR [90] Cannot establish a network connection to the AR System" also and I have tried tweaking the rights(permissions)for it to allow RPC to connect. We continue to get RPC connection refused or connection failed. I would like to give you screen shots but the system is on a classified network on a DOD classified system. Unfortunately, I can't copy screenshots to a disk and then email from a nonsecure account as the DOD security policy prohibits it. However, if you think, after reading this email, you can email a shot of yours and I'll print it and compare to what I have. I have no restrictions as far as blocked ports but will be interested in figuring this out if you can help.
Here are a few things that we did:
1. The user we are using for the domain login is max'd on permissions for the domain.
2. I have gone into the registry and set the permissions to full control for that particular user along with the groups that that user is apart of.
3. Verified that the local server policies are not conflicting and thereby possibly overriding the domain policies
4. Tried reinstalling the AR System both on and off the domain with no change of results.
5. Also we are in Native mode for Active Directory and I exported the security templates and then reloaded AD and placed it into mixed mode to no avail either. We are now back in Native Mode as we have strictly a W2K environment. The AD is installed on W2K Advanced Server if that makes a difference.
6. I verified that all ports that Remedy needs is opened and not blocked by any firewalls but I'm not sure whether AD is blocking any by design.

What exactly did you do with the registy for local machine/software/remedy folder?? Did you set the permissions also for that folder along with permissions for the entire registry?? I even went in with Regedit32 and regedit to ensure I got the permissions right. I know that I am missing something and if you can provide some direction that I can run towards, it would greatly be appreciated.

The only other thing we can do right now is leave the Remedy server as a workgroup and manually map to the server when we need to. Thanks for your rapid reply and I look forward to hearing from you soon. Thanks again.

Ron H.
 
Seems to me that AD is not configured properly. Somehow the Domain or Local permissions are overwriting one another. I'm not an expert by no means but simple troubleshooting efforts should clear this issue up. My firm and I had the same issue. Re-check all your Security Policies and Permissions. Local and Domain. There are a few policies that you have overlooked that are giving a False/Possey. With the resources you have under the DoD there is no reason this should be an issue. What you are saying is that you work for the DOD and you are the best they have? Do you have any positions open? rntcj7 I want your job. Next time before spouting off do some research on the topic then come correct. No half steppin round here.
 
rntcj7,
You do not want to go to the registry for your cure. Don't even touch it! You'll be reloading for sure if you do. MTOWNBOUND's "helpful idea" that it was a "combination registry, port, permission" problem means that MTOWNBOUND must work for Microsoft -- he gives you a lot of information, but none of it is worth a Da*n! ... and ITGEEK101 should get laid and switch to decaf.. he's obviously taking this a little personal, don't you think? (and this was his first-ever post.. I can't wait to see how he mushrooms in other replies...) Bottom line: you get all kinds in here, so use your common-sense filter.

Look at the problem logically -- what went wrong and when? You're keeping a notebook of all your server activities..right? If not, you should go back to school and listen up during that part of the course. If you can't zero in on the culprit -- set up your development server or another available server with active directory in a CLEAN (no security added) installation. What happens? Can you connect? If so, your security is the culprit. Log each step so that you can refer back to it and not duplicate your actions. Are you the only adminisrator, or are there other cooks in the stew that confuse your troubleshooting actions? Have fun, and try not to get fired.
 
Torqueman,

I'm a tech lead and I deal with people like ITGeek all the time. Common Sense filtering applied and his attitude was deleted. Good thing for me is that I have a job with DOD and am relieved that ITGeek has no chance in getting it. That all aside, I have a notebook FULL of stuff and I have reverse engineered the security and believe that to be the problem. I set all the permissions on a backup server(AD) to not defined and it worked. So I agree that the security is the culprit. Unfortunately, I have several other administrators in the mix here and had to stop the admin work on the Primary AD to get this problem resolved. I have full control and attention on this box and am working little by little to see which switch killed the application. I appreciate the posting and the serious advise. I guess even the IT world is not without it's children IT'ers...:) Thanks again for the heads up and you hit the nail right on the head. Have a good one and thanks for the response.

 
Nice come back rntcj7. All I am saying is if you don't know the material get the Hell out of the Kitchen. Seems to me you are Power hungry and self centered. Look at all the I's in your posts. What happend to team work? You did say you have other Administrators there? My suggestion to you would be get your head out of your ass and learn AD. In the IT world you are what we call a TIER ONE Idiot. Do you have documentation on AD? If you did you would not be here. This is my last post. I've spent too much time on a person who does not want to help themself.
 
ITGEEK,
Well since you have shown all of us your "intelligence" here, you obviously must have been lost as you could do nothing but complain instead of offering some good advice. I've been where you are now. Amateur systems administrator and such..but then, I grew up, graduated from high school and have found a job in the world. Apparently you are still having some difficulties. Perhaps Tek-Tips is not really for you yet. See from what I have read in all the time I've been here, I've seen IT Professionals discussing difficulties with one another and working together to a common goal. See in the IT world, as you will learn, all IT Professionals are a team and therefore do work together as a team. The administrators that I have at work ARE working with me on this problem and they are aggressively working towards the common goal of getting this problem fixed. Now after all that has been said, I have work to do and need to bid you farewell. Hopefully, when you need a hand with a problem, you will learn to have more respect for your fellow IT Professionals.

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top