Project Server Active Directory Synchronization

[TheWall]

Hi,

I have Moss 2007 running with Project ontop of it.

In PWA i get the following errors when trying to sync Project and AD:

1.
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Project Server Active Directory Synchronization
Event ID: 7715
Date: 2008/10/02
Time: 12:15:27 PM
User: N/A
Computer: Computername
Description:
Standard InformationSI Entry Point:
Project User: Domain\user
Correlation Id: a973ee78-76b3-409d-9fb9-0f567ba7992b
PWA Site URL: http://inet/PWA
SSP Name: SharedS9
PSError: Success (0)
A general exception occurred during communication with Active Directory.
Context: GetGroup (GUID and FQDN). Additional Information: An exception
occurred while trying to find an active directory group using it's AD GUID
and FQDN. ADGUID: '%s', FQDN:'%s'. Exception: '%s'.. Exception Info:
b1356a6e-9467-0c47-9a13-1d14911d06b4

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

2.
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Project Server Active Directory Synchronization
Event ID: 7715
Date: 2008/10/02
Time: 12:15:27 PM
User: N/A
Computer: SUN
Description:
Standard InformationSI Entry Point:
Project User: Domain\User
Correlation Id: a973ee78-76b3-409d-9fb9-0f567ba7992b
PWA Site URL: http://inet/PWA
SSP Name: SharedS9
PSError: Success (0)
A general exception occurred during communication with Active Directory.
Context: Logon failure: unknown user name or bad password.
.. Additional Information: (null). Exception Info: (null)

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

3.
Event Type: Error
Event Source: Office SharePoint Server
Event Category: Project Server Active Directory Synchronization
Event ID: 7709
Date: 2008/10/02
Time: 12:15:27 PM
User: N/A
Computer: SUN
Description:
Standard InformationSI Entry Point:
Project User: Domain\User
Correlation Id: a973ee78-76b3-409d-9fb9-0f567ba7992b
PWA Site URL: http://inet/PWA
SSP Name: SharedS9
PSError: Success (0)
Active Directory ERP Synchronization cannot resolve reference to Group. This
could be because the group does not exist, the user does not have permission
or because of a communication problem between the project server application
server and active directory. FQDN: domain - PWA Team (e-mail address removed).
Active Directory Guid: b1356a6e-9467-0c47-9a13-1d14911d06b4.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Any ideas, i really have to get this working!!

Thanks

 

[Paul Conroy]

It appears that the account used for the SSP hosting project server cannot
read the AD global catalogue or group object.

To verifiy this run directory users and computers (start>run>dsa.msc) as the
domain account running the SSP from the application server. Check you can
browse the correct security group object.

 

[TheWall]

Hi Paul,

Running that on the App Server gives me a error:

http://i210.photobucket.com/albums/bb174/TheWall_photo/ad.jpg

Active Directory
Naming Information Could not be lacated because:
Login Failure: unknown user name or bad password.
Contact your system administrator to verify that your domain is properly
configured and is online.

What port must be open on the firewall for this?
We installed Symantec Corporate 11 which now comes with a firewall. Not sure
if this could be the issue.

 

[TheWall]

Ok, just logged onto the Application server with a diffrent username and
password and then i can access dsa.msc. So it cant be the firewall.

Where do i check the security rights? Do the user need a specific right in AD?

 

[Paul Conroy]

By default user objects have the read permission on most AD objects, so this
must have changing within your AD.

Check the permissions on the OU containing the security group and ensure
that the SSP admin account has object read permissions.

Is the SSP admin account a user in the same domain? Can you log on or run
an app under this security identity?

Check the account is not disabled.

 

[TheWall]

Hi,

There is one domain, The SSP Admin has got Domain Admin rights.

i Can log onto the Domain Controller with this account and then access dsa.msc

On your second point im not sure were to check for the read permissions on
the OU?

Well by login on to the DC i think it should mean that the account is not
disabled and on the same domain

 

[TheWall]

ok, i found this error's is the Application log after running dsa.msc

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1006
Date: 2008/10/03
Time: 07:40:42 AM
User: domain\User
Computer: Computer
Description:
Windows cannot bind to domain.LOCAL domain. (Invalid Credentials). Group
Policy processing aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

and

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 2008/10/03
Time: 07:40:42 AM
User: Domain\user
Computer: computer
Description:
Windows cannot query for the list of Group Policy objects. Check the event
log for possible messages previously logged by the policy engine that
describes the reason for this.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.