Symantec Access Management

Tech Tip : CA Single Sign-On : LookupAccountSid failed

  • 1.  Tech Tip : CA Single Sign-On : LookupAccountSid failed

    Broadcom Employee
    Posted 11-30-2018 05:58 AM

    Issue:

     

    We're running a Web Agent, and when user try to login with Windows
    Authentication, the Web Agent returns error 500 to the browser :

     

    https://mymachine.mydomain.com/siteminderagent/ntlm/creds.ntc?CHALLENGE=&SMAGENTNAME="[...]

     

    and we can see in the Web Agent traces :

     

    [11/28/2018][07:50:41][20576][104][SmNTC.cpp:227]
    [SmNtc::getCredentialsWinNativeAuth][00000000000000000000000039247fa9
    -5060-5bfe48d1-0068-03bb186b][*169.112.46.232][][mymachine.mydomain.com][/]
    [][LookupAccountSid failed - 5]

     

    How can we solve this ?

     

    Resolution:

     

    You'll solve the issue by checking the following

    Check the users in the following configuration :

     

    One thing you must do when: getting http 500.0.1346 error
    https://blogs.msdn.microsoft.com/asgoyal/2012/08/25/one-thing-you-must-do-when-getting-http-500-0-1346-error/

     

    run –> secpol.msc –> Local Policies –> User Rights Assignment

     

    Impersonate a client after authentication

    and make sure that users are set :

     

    Administrators

    IIS AppPool\Net v2.0 

    IIS_IUSRS
    LOCAL_SERVICE
    NETWORK_SERVICE
    SERVICE

     

    IIS should be allowed to do impersonation at the Windows OS level.

     

    KB : KB000122166