Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Network Performance Monitor (NPM) > NPM 12 AD group search error: The object does not exist

NPM 12 AD group search error: The object does not exist

Updated July 29, 2016

Overview

This article addresses the issue where a user with correct AD credentials is unable to find accounts in the same domain and returns the following error:

The object does not exist.

 

The following also appears in the C:\program data\solarwinds\logs\orion\orionweb.log file:

 DEBUG SolarWinds.Orion.Web.LdapAuthentication - Creating Ldap connection to domain.com:636
DEBUG SolarWinds.Orion.Web.LdapAuthentication - Successfully bind to LDAP server domain.com:636
DEBUG SolarWinds.Orion.Web.LdapAuthentication - GetUserDN: Search Response item count: 1
DEBUG SolarWinds.Orion.Web.LdapAuthentication - User's (username) distinguished name is CN=Username,OU=IT Services,OU=Staff,DC=domain,DC=com.
DEBUG SolarWinds.Orion.Web.LdapAuthentication - User domain\account has been successfully authenticated to LDAP server network.uni:636

ERROR SolarWinds.Orion.Web.AccountSearchHelper - Error occurred performing search in AccountSearchHelper. Exception:
System.DirectoryServices.Protocols.DirectoryOperationException: The object does not exist.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation, ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   at SolarWinds.Orion.Web.LdapAuthentication.GetNetbiosDomainName()
   at SolarWinds.Orion.Web.AccountSearchHelper.SearchUsingAuthenticatedLDAP(String user, String password, String domain, String patternToSearch, String sortDirection, Boolean isGroupSearch)
   at SolarWinds.Orion.Web.AccountSearchHelper.SearchFor(String searchString, String domainLogin, String domainPassword, String accountType, String sortDirection)

ERROR AccountManagement - Could not find account details on the specified domain.  Details:
System.DirectoryServices.Protocols.DirectoryOperationException: The object does not exist.
   at System.DirectoryServices.Protocols.LdapConnection.ConstructResponse(Int32 messageId, LdapOperation operation,

ResultAll resultType, TimeSpan requestTimeOut, Boolean exceptionOnTimeOut)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request)
   at SolarWinds.Orion.Web.LdapAuthentication.GetNetbiosDomainName()
   at SolarWinds.Orion.Web.AccountSearchHelper.SearchUsingAuthenticatedLDAP(String user, String password, String domain, String patternToSearch, String sortDirection, Boolean isGroupSearch)
   at SolarWinds.Orion.Web.AccountSearchHelper.SearchFor(String searchString, String domainLogin, String domainPassword, String accountType, String sortDirection)
   at AccountManagement.GetWindowsAccounts(String searchstring, String username, String password, String accounttype)

Environment

Products running on Orion Platform 2016.1 and later such as:

  • NPM 12.0 and later
  • SAM 6.2.4 and later
  • IPAM 4.3.2 and later
  • NCM 7.5 and later
  • VNQM 4.2.4 and later

Cause 

This usually occurs when LDAP authentication is enabled. By default, SolarWinds uses MSAPI to authenticate Active Directory users. If you switch to LDAP authentication, the search is unable to find the accounts using that method.

Resolution

Use the default MSAPI authentication.

Any user or group accounts you made using LDAP authentication must be recreated after disabling LDAP.

  1. Go to Settings > User Accounts > Advanced AD Settings.
  2. Change the method from LDAP back to default MSAPI.

Try searching again and verify that the error does not persist.

 

 

Last modified
11:54, 18 Jan 2017

Tags

Classifications

Public