【IAG】IAG Domain ADSSO causes the Microsoft AD server to keep logging an error message

CTI SC Lv2, posted 21 Jan 2022 17:16

Product: IAM/IAG
Version: IAM11.0 and above
Discovery Date: 03/11/2021
After Domain ADSSO is enabled, the Microsoft AD server keeps logging the error message below in its System event log.

Event ID: 10036
Message: "The server-side authentication level policy does not allow the user %1\%2 SID (%3) from address %4 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application."
(%1 = domain, %2 = user name, %3 = user SID, %4 = client IP address)

[Trigger conditions]
IAM/IAG with Domain ADSSO enabled.

[Root cause]:
The AD domain controller has installed Microsoft's update KB5005568 (this is the KB number of the September 2021 cumulative update for Windows Server 2019; other Windows versions receive the same change under a different KB number). The change behind it is the DCOM hardening for CVE-2021-26414 that Microsoft documents in KB5004442: after the update is installed, DCOM activation requests are expected to use an authentication level of at least RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, and the server logs Event ID 10036 for every activation that does not reach that level. The wmic tool integrated on the IAM/IAG device creates its DCOM connections with the default authentication level, so every time IAM/IAG calls wmic to fetch logs from the domain controller a new 10036 event is written, which produces a large number of alarm logs. While the hardening is in its log-only phase the activation still succeeds and the event is only a warning; once enforcement is turned on, the same activation requests are refused and log collection from the domain controller stops working. For patch information, please refer to https://support.microsoft.com/en ... 2-941e-37ed901c769c

[How to check]:
Step 1: Confirm that IAM/IAG is using Microsoft AD Domain SSO.
Step 2: Confirm that Event ID 10036 keeps being logged on the Microsoft AD server, and that the client IP address (%4) in those events belongs to the IAM/IAG device.

[Current solution]:
1. Contact technical support for assistance.
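The check in Step 2 above, as an added PowerShell example for the domain controller; it is not part of the original post or of the IAM/IAG product. It lists the 10036 events, groups them by client IP address and user so the IAM/IAG device stands out as the one address that generates them at a steady rate, and reads the KB5004442 registry value that decides whether the hardening is log-only or enforced. The function names are my own, and the mapping of the event's Properties array to the %1..%4 placeholders in the message is an assumption to verify against $_.Message on the first event.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the AD domain controller that logs Event ID 10036.

# Return one object per DCOM 10036 event logged in the last $Hours hours.
# Assumption: Properties[0..3] correspond to the %1..%4 placeholders in the
# event message (domain, user name, user SID, client IP); check $_.Message
# on one event if the columns look wrong.
function Get-DcomIntegrityWarnings {
    param([int]$Hours = 24)

    $filter = @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DistributedCOM'
        Id           = 10036
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Domain      = $_.Properties[0].Value
                User        = $_.Properties[1].Value
                Sid         = $_.Properties[2].Value
                ClientIp    = $_.Properties[3].Value
            }
        }
}

# Summarise the events per client IP and user. A single address that keeps
# appearing at regular intervals (every log-collection cycle) is the
# IAM/IAG device described in the post.
function Get-DcomWarningSummary {
    param([int]$Hours = 24)

    Get-DcomIntegrityWarnings -Hours $Hours |
        Group-Object ClientIp, User |
        Sort-Object Count -Descending |
        ForEach-Object {
            $times = $_.Group.TimeCreated | Sort-Object
            [pscustomobject]@{
                Count    = $_.Count
                ClientIp = $_.Group[0].ClientIp
                User     = "$($_.Group[0].Domain)\$($_.Group[0].User)"
                First    = $times[0]
                Last     = $times[-1]
            }
        }
}

# Report whether the DCOM hardening from KB5004442 is only logging or already
# enforcing. RequireIntegrityActivationAuthenticationLevel = 0 disables
# enforcement (events are logged, activation still succeeds), 1 enables it;
# when the value is absent the default of the installed update level applies.
function Get-DcomHardeningState {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Ole\AppCompat'
    $name = 'RequireIntegrityActivationAuthenticationLevel'
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set (OS default for the installed update)' }
    if ($item.$name -eq 1) { return 'enforced' }
    return 'disabled (log only)'
}

Get-DcomWarningSummary -Hours 24 | Format-Table -AutoSize
"DCOM hardening state: $(Get-DcomHardeningState)"
```

If the summary shows one client IP with a high count and First/Last spanning the whole window, compare that address with the IAM/IAG device's interface address before contacting support; if the hardening state is already reported as enforced, expect ADSSO log collection to fail rather than merely generate events.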
