Resolution
Directory and Resource Administrator 7.5
symptom
Accounts cache refresh fails for a managed Windows 2003 domain.
symptom
A domain is shown with a red question mark in the user interface.
symptom
Changes made in native tools are not reflected in DRA.
symptom
All agents show up as installed in the GUI, even if they are not.
symptom
The following type of event shows up in the logs:
Event Type: Error
Event Source: MCSAdminSvc
Event Category: AcctProvDomain
Event ID: 14081
Date: xx/xx/xxxx
Time: xx:xx:xx AM/PM
User: N/A
Computer: DRAserver\
Description:
Domain Domain.com CNF:{GUID}(Domain_name) (Trusted,AD) (Scheduled accounts cache refresh) began at date time and ended at date time, contents unsuccessfully loaded, hr=c004370b=(Because of the number of changes in the Active Directory, DRA will perform a full accounts cache refresh instead of the scheduled incremental accounts cache refresh. After the full refresh, DRA will continue performing scheduled incremental cache refreshes for this domain) The Administration server did not successfully update the accounts cache. The cache may not contain all recent changes.
cause
You have multiple groups with cross-domain memberships in your environment, and DRA is not able to refresh data properly.
fix
To resolve the issue:
- Change the HKEY_LOCAL_MACHINE\SOFTWARE\Mission Critical Software\OnePoint\Administration\Modules\Accounts\Domains.Dns UseGcForSidLookup registry value to
1on all DRA servers. - Restart the NetIQ Administration Service on all DRA servers.
- Perform a manual Incremental Cache Refresh:
a. In the left pane, expand Configuration Management.
b. Click Managed Domains.
c. In the right pane, select the domain for which you want to refresh the accounts cache.
d. On the Tasks menu, click Refresh Accounts Cache> Incremental Refresh.