MDI sensor can't connect to domain

I set up MDI and am getting the following error in the logs:

2022-08-03 07:00:49.2776 Debug DirectoryServicesClient SetState Creating
2022-08-03 07:00:49.3401 Info  RemoteImpersonationManager CreateImpersonatorInternalAsync started [UserName=GA-MDI-READ$ Domain=tbh.local IsGroupManagedServiceAccount=True]
2022-08-03 07:00:49.4026 Info  RemoteImpersonationManager GetGroupManagedServiceAccountTokenAsync finished [UserName=GA-MDI-READ$ Domain=tbh.local IsSuccess=True]
2022-08-03 07:00:49.4026 Info  RemoteImpersonationManager CreateImpersonatorInternalAsync finished [UserName=GA-MDI-READ$ Domain=tbh.local]
2022-08-03 07:00:49.4182 Info  DirectoryServicesClient CreateLdapConnectionAsync failed to connect [DomainControllerDnsName=p-adc-v-01.tbh.local Domain=tbh.local UserName=GA-MDI-READ$ ResultCode=82]
2022-08-03 07:00:49.7149 Error DirectoryServicesClient+d__43 Microsoft.Tri.Infrastructure.ExtendedException: CreateLdapConnectionAsync failed [DomainControllerDnsName=p-adc-v-01.tbh.local]
   at async Task Microsoft.Tri.Sensor.DirectoryServicesClient.CreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
   at async Task Microsoft.Tri.Sensor.DirectoryServicesClient.TryCreateLdapConnectionAsync(DomainControllerConnectionData domainControllerConnectionData, bool isGlobalCatalog, bool isTraversing)
2022-08-03 07:00:49.7306 Error DirectoryServicesClient Microsoft.Tri.Infrastructure.ExtendedException: Failed to communicate with configured domain controllers [ _domainControllerConnectionDatas=p-adc-v-01.tbh.local]
   at new Microsoft.Tri.Sensor.DirectoryServicesClient(IConfigurationManager configurationManager, IDirectoryServicesDomainNetworkCredentialsManager domainNetworkCredentialsManager, IRemoteImpersonationManager remoteImpersonationManager, IMetricManager metricManager, IWorkspaceApplicationSensorApiJsonProxy workspaceApplicationSensorApiJsonProxy)
   at object lambda_method(Closure, object[])
   at object Autofac.Core.Activators.Reflection.ConstructorParameterBinding.Instantiate()
   at void Microsoft.Tri.Infrastructure.ModuleManager.AddModules(Type[] moduleTypes)
   at new Microsoft.Tri.Sensor.SensorModuleManager()
   at ModuleManager Microsoft.Tri.Sensor.SensorService.CreateModuleManager()
   at async Task Microsoft.Tri.Infrastructure.Service.OnStartAsync()
   at void Microsoft.Tri.Infrastructure.TaskExtension.Await(Task task)
   at void Microsoft.Tri.Infrastructure.Service.OnStart(string[] args)

I already ruled out a few things:

  • the DC that MDI is running on can access the gMSA
  • MDI can access/impersonate the gMSA (according to its logs)
  • the gMSA can log in as a service on the DC

Does anyone know any more things to check for? Any help would be really appreciated!

Lars

1 Reply

I found a solution: adding the gMSA Account to the "Domain Users" Group seems to have fixed it!
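
The checks listed in the question and the group membership mentioned in the reply can be gathered in one read-only pass. This is an added PowerShell example, not part of the original thread and not Microsoft tooling. It assumes the ActiveDirectory (RSAT) module is available and that it is run on the domain controller hosting the sensor; the account name comes from the log above, the group name from the reply, and the variable names are illustrative.

```powershell
# Added example: read-only diagnostics for the gMSA used by the MDI sensor.
Import-Module ActiveDirectory

$gmsaName  = 'GA-MDI-READ'    # from the log: UserName=GA-MDI-READ$
$groupName = 'Domain Users'   # group named in the reply (name differs on localized domains)

# Fetch the gMSA with the attributes relevant to the checks in the thread.
$gmsa = Get-ADServiceAccount -Identity $gmsaName -Properties `
    PrincipalsAllowedToRetrieveManagedPassword, MemberOf, PrimaryGroup

# Check 1: can THIS computer retrieve the managed password?
# Test-ADServiceAccount returns $true/$false for the local machine.
$canRetrieve = Test-ADServiceAccount -Identity $gmsaName

# Check 2: is the gMSA in the group, either directly or as its primary group?
# (MemberOf never lists the primary group, so both are compared.)
$group = Get-ADGroup -Identity $groupName
$inGroup = ($gmsa.MemberOf -contains $group.DistinguishedName) -or
           ($gmsa.PrimaryGroup -eq $group.DistinguishedName)

# Summarize so the result can be compared across domain controllers.
[pscustomobject]@{
    Account                  = $gmsa.SamAccountName
    Enabled                  = $gmsa.Enabled
    LocalHostCanRetrievePwd  = $canRetrieve
    AllowedToRetrievePwd     = $gmsa.PrincipalsAllowedToRetrieveManagedPassword -join '; '
    PrimaryGroup             = $gmsa.PrimaryGroup
    MemberOf                 = $gmsa.MemberOf -join '; '
    MemberOfTargetGroup      = $inGroup
} | Format-List

# The change described in the reply, left commented out so this script stays read-only:
# Add-ADGroupMember -Identity $groupName -Members $gmsa
```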