Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2094: Failed to retrieve groups from provisioning source (1355)

Auditing and Monitoring Service ,   Authentication Service ,   Mac & PC Management Service ,  

12 April,16 at 10:57 AM

Applies to: All versions of Centrify DirectControl.

ZPA does not finish and throws the below error to both zpa debug logs and event viewer: Data/Centrify/Zones/default
- Failed to retrieve groups from provisioning source
Information about the domain could not be retrieved (1355)

The above error means that ZPA is trying to enumerate the group and failing. There are some members in whose Active Directory domain cannot be contacted.

ZPA debug logs may not be able to pin-point the exact members because enumeration happens within MS libraries.  Some of these MS libraries, do not have debug level tracing however event viewer & zpa debug log will show the name of the group where it will stop or pause.

You should try taking out the group itself from the provisioning source in ZPA or find out which group member is causing the issue. Outside of ZPA,  you can enumerate all the group members under this domain using the below command.

The command dsget (part of Windows 2003) will help to get the group members from Windows:

C:\ dsget group "CN=Backup Operators,ou=Test,dc=microsoft,dc=com" members -expand
Replace this "CN=Backup Operators,ou=Test,dc=microsoft,dc=com" by  the DN of your group.

Once you obtain this list, try remove each member and see if it makes any difference. After this, ZPA should work fine.