Submit a ticketCall us

AnnouncementsFace your biggest database issues head-on

Our new eCourse helps you navigate SQL Server performance blocks by teaching you how to recognize and deal with the three DBA Disruptors: Performance Hog, Blame Shifter, and Query Blocker. Register today to learn how to defend your environment and fend off menacing disruptions.

Register for your free eCourse.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > NPM 12 AD group search error: The object does not exist

NPM 12 AD group search error: The object does not exist

Updated July 29, 2016

Overview

This article addresses the issue where a user with correct AD credentials is unable to find accounts in the same domain and returns the following error:

The object does not exist.

 

The following also appears in the C:\program data\solarwinds\logs\orion\orionweb.log file:

 DEBUG SolarWinds.Orion.Web.LdapAuthentication - Creating Ldap connection to domain.com:636
DEBUG SolarWinds.Orion.Web.LdapAuthentication - Successfully bind to LDAP server domain.com:636
DEBUG SolarWinds.Orion.Web.LdapAuthentication - GetUserDN: Search Response item count: 1
DEBUG SolarWinds.Orion.Web.LdapAuthentication - User's (username) distinguished name is CN=Username,OU=IT Services,OU=Staff,DC=domain,DC=com.
DEBUG SolarWinds.Orion.Web.LdapAuthentication - User domain\account has been successfully authenticated to LDAP server network.uni:636

ERROR SolarWinds.Orion.Web.AccountSearchHelper - Error occurred performing search in AccountSearchHelper. Exception:
System.DirectoryServices.Protocols.DirectoryOperationException: The object does not exist.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   at SolarWinds.Orion.Web.LdapAuthentication.GetNetbiosDomainName()
   at SolarWinds.Orion.Web.AccountSearchHelper.SearchUsingAuthenticatedLDAP(String user, String password, String domain, String patternToSearch, String sortDirection, Boolean isGroupSearch)
   at SolarWinds.Orion.Web.AccountSearchHelper.SearchFor(String searchString, String domainLogin, String domainPassword, String accountType, String sortDirection)

ERROR AccountManagement - Could not find account details on the specified domain.  Details:
System.DirectoryServices.Protocols.DirectoryOperationException: The object does not exist.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation,

ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   at SolarWinds.Orion.Web.LdapAuthentication.GetNetbiosDomainName()
   at SolarWinds.Orion.Web.AccountSearchHelper.SearchUsingAuthenticatedLDAP(String user, String password, String domain, String patternToSearch, String sortDirection, Boolean isGroupSearch)
   at SolarWinds.Orion.Web.AccountSearchHelper.SearchFor(String searchString, String domainLogin, String domainPassword, String accountType, String sortDirection)
   at AccountManagement.GetWindowsAccounts(String searchstring, String username, String password, String accounttype)

Environment

Products running on Orion Platform 2016.1 and later such as:

  • NPM 12.0 and later
  • SAM 6.2.4 and later
  • IPAM 4.3.2 and later
  • NCM 7.5 and later
  • VNQM 4.2.4 and later

Cause 

This usually occurs when LDAP authentication is enabled in Orion Advance AD settings, but you do not have AD infrastructure in your Environment.

By default, SolarWinds uses MSAPI to authenticate Active Directory users. If you switch to LDAP authentication, the search is unable to find the accounts using that method.

Resolution

Scenario 1:

If you are using NPM 12.0/12.1 and don't have LDAP in your Environment, then use the default MSAPI authentication and Leave LDAP disabled.

Note: Orion Server has to be part of the AD domain

Any user or group accounts you made using LDAP authentication must be recreated after disabling LDAP.

  1. Go to Settings > User Accounts > Advanced AD Settings.
  2. Change the method from LDAP back to default MSAPI.

Try searching again and verify that the error does not persist.

 

Scenario 2:

If you have LDAP and AD in your environment and the Orion Server not joined in the Domain then you have to enable LDAP in Orion Advanced AD settings. LDAP authentication without joining the Orion server to a domain only works from NPM 12.2 / Orioin Platform 2017.3 onwards

 

 

 

Last modified

Tags

Classifications

Public