Applies to: Centrify for Mobile
Problem:
When using a Service Account that has been granted full permissions to the OU specified for enrollment, device enrollment fails with the following error in the Cloud Connector log:
CreateMachineForDevice Exception: System.UnauthorizedAccessException: Access is denied.
Cause:
This error occurs because the Service Account lacks permissions on the OU. When a service account is specified to run the Cloud Connector service, the account is not automatically configured for proxy permissions on the OU.
Resolution:
To grant the account the missing permissions on the OU, take the following steps:
- Open up ADSI Edit:
  - Start > All Programs > Administrative Tools > ADSI
- Navigate to the OU in question, right-click on the OU and choose "Properties"
- Navigate to "Security" > "Advanced"
- Under the "Permissions" tab, navigate to the Service Account and click "Edit..."
- In the "Apply to:" drop-down box, choose "This object and all descendant objects"
- Click "OK" and then "Apply" on the Advanced Security Settings window.
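
To confirm the change from the steps above, the following read-only PowerShell check lists the Service Account's entries on the OU and reports whether any of them applies to descendant objects. It is an added example, not Centrify's own tooling; the OU distinguished name, the account name and the function name `Get-OuAceScope` are placeholders, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Read-only check: does the service account's ACE on the enrollment OU reach child objects?
# Placeholder values (assumptions, not from the article): replace with your own.
$OuDn           = 'OU=MobileDevices,DC=example,DC=com'
$ServiceAccount = 'EXAMPLE\svc-cloudconnector'

Import-Module ActiveDirectory   # provides the AD: drive used by Get-Acl

# Hypothetical helper: returns one row per ACE that names the given identity.
function Get-OuAceScope {
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        [Parameter(Mandatory)] [string] $Identity
    )
    $acl = Get-Acl -Path ("AD:\" + $DistinguishedName)
    $acl.Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        ForEach-Object {
            [pscustomobject]@{
                Rights            = $_.ActiveDirectoryRights
                Type              = $_.AccessControlType
                InheritanceType   = $_.InheritanceType
                IsInherited       = $_.IsInherited
                # 'All' is what the GUI shows as "This object and all descendant objects"
                CoversDescendants = ($_.InheritanceType -eq 'All')
            }
        }
}

$aces = @(Get-OuAceScope -DistinguishedName $OuDn -Identity $ServiceAccount)

if ($aces.Count -eq 0) {
    # The account may still get access through a group; this check only matches it by name.
    Write-Warning "No ACE names $ServiceAccount directly on $OuDn."
} elseif (-not ($aces | Where-Object { $_.Type -eq 'Allow' -and $_.CoversDescendants })) {
    # This is the state the article describes: rights on the OU object itself only.
    Write-Warning "ACEs exist, but no Allow entry is scoped to this object and all descendant objects."
}

$aces | Format-Table -AutoSize
```

An `InheritanceType` of `None` on the account's Allow entry corresponds to "This object only", which matches the failure described above.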