PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred

News Knowledge Base
1

How to resolved error "While trying to retrieve the authorization groups, an error (5) occurred." when trying to authenticate using AD

Problem

When trying to authenticate using AD the following errors occur:


EventViewer Application, Source: Orchestrator, Level: Error 
Error retrieving AD security groups for rayres.System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred.
   at new System.DirectoryServices.AccountManagement.AuthZSet(byte[] userSid, NetCred credentials, ContextOptions contextOptions, string flatUserAuthority, StoreCtx userStoreCtx, object userCtxBase)
   at ResultSet System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
   at ResultSet System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
   at IReadOnlyList<DirectoryGroupDto> UiPath.Orchestrator.Core.DirectoryService.ActiveDirectoryClient.GetGroupsByUser(string domain, string name)


EventViewer Application, Source: Orchestrator, Level: Error
 

UiPath.Orchestrator.Core.Exceptions.BadRequestException: Error code - 1413, Message - 'The user is not a member of the specified AD domain.' ---> System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred.
   at new System.DirectoryServices.AccountManagement.AuthZSet(byte[] userSid, NetCred credentials, ContextOptions contextOptions, string flatUserAuthority, StoreCtx userStoreCtx, object userCtxBase)
   at ResultSet System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
   at ResultSet System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
   at IReadOnlyList<DirectoryGroupDto> UiPath.Orchestrator.Core.DirectoryService.ActiveDirectoryClient.GetGroupsByUser(string domain, string name)
   --- End of inner exception stack trace ---
   at IReadOnlyList<DirectoryGroupDto> UiPath.Orchestrator.Core.DirectoryService.ActiveDirectoryClient.GetGroupsByUser(string domain, string name)
   at async Task<IEnumerable<UiUser>> UiPath.Orchestrator.Core.DirectoryService.DirectoryUserManager.GetGroupsAsync(string domain, string name)
   at async Task<IEnumerable<UiUser>> UiPath.Orchestrator.Core.DirectoryService.Extensions.GetGroupsAsync(IDirectoryUserManager manager, string loginName)
   at async Task<IEnumerable<TenantDto>> UiPath.Orchestrator.Web.Common.ExternalUserMapping.DirectoryUserMapper.GetDirectoryUserTenantsAsync(ExternalLoginInfo info)
   at async Task<List<TenantDto>> UiPath.Orchestrator.Web.Common.ExternalUserMapping.DirectoryUserMapper.GetTenantsAsync(ExternalLoginInfo info)
   at async Task<ActionResult> UiPath.Orchestrator.Web.Controllers.AccountController.ExternalLoginCallback(string returnUrl, string tenancyName, Nullable<bool> mayRegisterTenant)
   at object System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult)
   at IAsyncResult System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAsynchronousActionMethod(ControllerContext controllerContext, AsyncActionDescriptor actionDescriptor, IDictionary<string, object> parameters, AsyncCallback callback, object state)+(IAsyncResult asyncResult) => { }
   at ActionResult System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at Func<ActionExecutedContext> System.Web.Mvc.Async.AsyncControllerActionInvoker+AsyncInvocationWithFilters.InvokeActionMethodFilterAsynchronouslyRecursive(int filterIndex)+() => { }
   at ActionExecutedContext System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult)
   at IAsyncResult System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, string actionName, AsyncCallback callback, object state)+() => { }
   at IAsyncResult System.Web.Mvc.Async.AsyncControllerActionInvoker.BeginInvokeAction(ControllerContext controllerContext, string actionName, AsyncCallback callback, object state)+(IAsyncResult asyncResult) => { }
System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to retrieve the authorization groups, an error (5) occurred.
   at new System.DirectoryServices.AccountManagement.AuthZSet(byte[] userSid, NetCred credentials, ContextOptions contextOptions, string flatUserAuthority, StoreCtx userStoreCtx, object userCtxBase)
   at ResultSet System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
   at ResultSet System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
   at IReadOnlyList<DirectoryGroupDto> UiPath.Orchestrator.Core.DirectoryService.ActiveDirectoryClient.GetGroupsByUser(string domain, string name)
Zeplin

 

Solution

Add the user under which the Application Pool is running in the Windows Authorization Access Group (WAA).
More information here