The NetIQ DRA Health Check utility reports an error under Accounts Validation for Domain Accounts Overview

  • 7018359
  • 05-Dec-2016
  • 14-Apr-2017

Environment

NetIQ Directory and Resource Administrator 9.0.x

Situation

When running the NetIQ Directory Resource Administrator (DRA) Health Check Utility (HCU) the ability exists to validate the status of various Active Directory (AD) accounts used by DRA. One of these checks is labeled Domain Accounts Overview. This check will query the DRA configuration for details related to each managed Domain’s access account.

Resolution

In order to verify the results of the HCU, you will need to use the DRA Delegation and Configuration console to view the domain access account details. Each managed domain has the following options:
  • Use the AD account running the NetIQ Services
    • Using this option will trigger the HCU to report a possible issue validating the account, as technically there is no account value stored.
  • Use this account
    • This option requires a manually typed user name and password. These credentials are encrypted and securely stored within the DRA Configuration. This portion of the DRA configuration is stored within the local Active Directory Lightweight Directory Services (ADLDS) located on each DRA server.
  • Use the value set on the Primary DRA Server
    • This option is only exposed on DRA severs running as a Secondary DRA server

Cause

The DRA HCU is attempting to validate the existence of stored credentials for each managed domain. When the HCU fails to locate a value, it will display a warning. This warning can be an indication there is a problem with the domain access credentials; or that there are none being used.