Privilege Access, first import of users from active directory failed with error 500
Hi,
I'm testing the Privilege access functionality of DPS and I'm facing this problem.
I've followed the quick start process and configured an AD Provider.
The error shows up at the last step, when trying to import the discovered users:
Http failure response for https://*********/dps/api/pam/providers: 500 OK
Attached to this ticket there is the diagnostic file generated by DPS.
The same error occurs when configuring a SQL Provider.
Thanks for your help.
Sebastien
diagnostic-1606673250110.zip
Hello,
Thank you for the error report. I will ask an engineer to have a look at it and will get back to you.
In the meantime, do you have any relevant error messages related to this issue in the DPS logs?
Best regards,
Érica Poirier
Hello,
There are not many logs.
You will find attached some IIS logs and Failed Request Tracing logs collected at the moment of the error.
Best regards.
Sebastien
Logs.zip
Hello,
Thank you for the logs. We will analyze them and will get back to you.
If you have any chance to test it again, please enable the Log Debug Information option in the Logging setting page to raise the debug level and see if you will get further information.
Have you tried to manually create a Scan in Scan Configurations to import accounts?
Best regards,
Érica Poirier
Hi,
When setting the log to DEBUG, there is one more event in the Windows event logs.
It seems I'm missing some privilege in the database.
Best regards,
Sebastien
Log Name: Application
Source: DVLS
Date: 01.12.2020 11:11:47
Event ID: 0
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: NEPWDSRV1.ne.ch
Description:
SqlException - The EXECUTE permission was denied on the object 'PAMGetTeamFolder', database 'DPS', schema 'dbo'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption, Boolean shouldCacheForAlwaysEncrypted)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Devolutions.Server.DatabaseManager.ExecuteNonQuery(String sql, DbTransaction dbTransaction, IEnumerable`1 parameters, CommandType commandType)
at Devolutions.Server.Pam.DataManagement.CredentialsCommand.InsertCredentialCommand.Execute()
at Devolutions.Server.Pam.DataManagement.PamCredentialsDataAdapter.Save(Boolean isProvider, PamCredential credential)
at Devolutions.Server.Managers.Pam.PamManager.SaveCredential(Boolean isProvider, PamCredential credential, PamHumanUser user, PamBaseAdapter initialAdapter)
at Devolutions.Pam.Controllers.PamProvidersController.PostPamProvider(PamProvider credential)
Hello,
Thank you for the information.
I have sent a SQL statement in a private message that should solve your issue. Let me know if that helps.
Best regards,
Érica Poirier
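The event log above shows the account DPS uses for its database connection being denied EXECUTE on dbo.PAMGetTeamFolder. The audit script below is an added example, not the statement sent by private message and not Devolutions' own code; the principal name dps_app_user is a placeholder for whichever database user the server connects as.

```sql
-- Added example: find dbo stored procedures the application account cannot execute.
-- Database 'DPS' and procedure 'PAMGetTeamFolder' come from the event log above;
-- dps_app_user is a placeholder. Run as a database administrator.
USE [DPS];

-- 1. Effective check for the procedure named in the error (1 = EXECUTE allowed).
EXECUTE AS USER = N'dps_app_user';
SELECT HAS_PERMS_BY_NAME(N'dbo.PAMGetTeamFolder', N'OBJECT', N'EXECUTE') AS can_execute;
REVERT;

-- 2. Catalog audit: every dbo procedure with no EXECUTE or CONTROL grant reaching
--    the account through itself, its roles (nested included) or public.
--    Not covered here: DENY entries, object ownership, fixed roles such as db_owner.
DECLARE @principal sysname = N'dps_app_user';

WITH member_of AS (
    SELECT principal_id
    FROM sys.database_principals
    WHERE name = @principal
    UNION ALL
    SELECT rm.role_principal_id
    FROM sys.database_role_members AS rm
    JOIN member_of AS m ON m.principal_id = rm.member_principal_id
),
exec_grants AS (
    SELECT dp.class, dp.major_id
    FROM sys.database_permissions AS dp
    WHERE dp.permission_name IN (N'EXECUTE', N'CONTROL')
      AND dp.state IN ('G', 'W')                    -- GRANT, GRANT WITH GRANT OPTION
      AND dp.grantee_principal_id IN (
            SELECT principal_id FROM member_of
            UNION ALL
            SELECT 0)                               -- 0 = public
)
SELECT s.name AS schema_name, p.name AS procedure_name
FROM sys.procedures AS p
JOIN sys.schemas AS s ON s.schema_id = p.schema_id
WHERE s.name = N'dbo'
  AND NOT EXISTS (
        SELECT 1
        FROM exec_grants AS g
        WHERE (g.class = 1 AND g.major_id = p.object_id)   -- object-level grant
           OR (g.class = 3 AND g.major_id = s.schema_id)   -- schema-level grant
           OR  g.class = 0)                                -- database-level grant
ORDER BY p.name;
```

An empty result from the second query means every dbo procedure is covered by a grant; any rows returned are candidates for the same "EXECUTE permission was denied" failure.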
Hello Erica,
Thanks, I was able to configure the provider and import users from AD.
Have a nice day.
Sebastien
Hello Sebastien,
Thank you for your feedback and glad that with the new permissions you can now configure the provider and import AD accounts.
Have a nice day too!
Best regards,
Érica Poirier