Salesforce

KB-2556: ZPA stopped provisioning user with error "The group's SID could not be resolved."

Printable View
« Go Back

Information

 
TitleKB-2556: ZPA stopped provisioning user with error "The group's SID could not be resolved."
URL NameKB-2556-ZPA-stopped-provisioning-user-with-error-The-group-s-SID-could-not-be-resolved
Knowledge Article TypeProblem / Resolution
Article TypeKnowledge
ArticleType 
ProductCentrify DirectManage
Component 
Version 
Tags
Internal Comments
Article Edits
Bug #27774
Solution ID2556
Knowledge Base Article Details
Applies to:

Centrify Zone Provisioning Agent version 5.0.3 or below on Windows OS
 
Problem:
 
ZPA stopped provisioning users with the following errors in the log:
 
Failed to retrieve users from provisioning source ORACLE_Users@ILTEST.NET. 
An error (1301) occurred while enumerating the groups. 
The group's SID could not be resolved. ILTEST.NET/Centrify/Zones/

OR

Error: Failed to retrieve groups from provisioning source <groupname>@<domainname>.  While trying to resolve a cross-store reference, the SID of the target principal could not be resolved.  The error code is 1788.
 
Cause:
 
In the source group (or member of the source group), there are one or more users/groups whose SID were not resolvable and caused the .NET framework to throw out an exception. These exceptions caused ZPA to stop provisioning.
 
Workaround:
 
Open and expend each member of the source group to find the non-resolvable users and groups (CN=S-1-xxxxxxx) and remove them:
 
CN=S-1-5-21-.... is the object that cannot be resolved.























 






Resolution:

This will be fixed in a future release.
Created ByArticle Admin
Solution CreatorIan Lau
DraftNot Checked
LithiumId
Lithium_Board_Id
Lithium_View_Href
Tags 
Category 
ArticleImage
Known IssuesNot Checked
Powered by