Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2528: base.zonehier Failed to extend object

Authentication Service ,  

12 April,16 at 11:11 AM

Applies to: All versions of Centrify DirectControl on all platforms
 
Question:
 
The following messages can be seen in /var/log/messages running CDC 5.0.2 on a Red Hat Enterprise Linux 5:
 
adclient[3010]: WARN  <gpworker> base.zonehier Failed to extend object for CN=SRVARI11,CN=Computers,DC=csb,DC=local
adclient[3010]: WARN  <gpworker> base.bind.cache LDAP search CN=Computers,CN=srvari11.csb.local:zone,CN=Computers,
CN=ARI,CN=ARI,CN=CSB,CN=Zones,CN=Centrify,CN=Program Data,DC=csb,DC=local:(&(objectCategory=ServiceConnectionPoint)(|(managedBy=CN=SRVARI11,
CN=Computers,DC=csb,DC=local)(keywords=parentLink:S-1-5-21-251014051-3522727938-3902368344-4227))) threw unexpected exception: 
ldap search, no such object : No such object : 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=srvari11.cs
adclient[3010]: WARN  <gpworker> base.zonehier Failed to extend object for CN=SRVARI11,CN=Computers,DC=csb,DC=local
adclient[3010]: INFO  <fd:10 PAMVerifyPassword > audit User 'thiril' authenticated based on Kerberos exchange to AD
 
Another example on a RHEL5;
 
adclient[1737]: INFO  <fd:11 PAMIsUserAllowedAccess2 > audit User 'action' is authorized
adclient[1737]: INFO  <fd:25 PAMIsUserAllowedAccess2 > audit User 'action' is authorized
adclient[1737]: WARN  <fd:11 CAPIGetObjectBySID > base.zonehier Failed to extend object for CN=cm-rhel5-1,CN=Computers,DC=cm-demo,DC=local
adclient[1737]: INFO  <fd:11 PAMIsUserAllowedAccess2 > audit User 'action' is authorized
cda.dash[3406]: ERROR: Unable to reconnect: Unable to send lrpc2 message: 404 (Socket closed), 13 bytes of session data lost.
cda.dash[3406]: ERROR: Error in sending buffered stdin data. 
 
Answer:
 
These messages are safe to ignore as the computer objects are found when when the system traverses up the Zone-hierarchy.  

When searching the machine's computer object, DirectControl will search in the Computer Zone first, but since the computer object was created in the base Zone, it throws an exception: 
 
"No such object"
 
Then the hierarchical Zone will catch the exception and log that warning message.
 
Resolution:
 
This issue has been addressed in Suite 2013.

Related Articles

 articleKB-4894: How to suppress "base.zonehier Failed to extend object" message in centrifydc.log articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-4034: ldapproxy ERROR: Failed to retrieve _objectCategory from object: No such attribute articleKB-2589: How to look for Service Connection Point (SCP) object in Active Directory using ldapsearch after doing a precreate articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-3925: How to add Centrify parameter to a group policy articleKB-0237: Unable to see Centrify Profile Tab when doing "Find" in ADUC