See Error(#10000) Frequently While Assigning Role To AD User In Orchestrator

Issue Description: Error (#10000) appears frequently while assigning a role to an AD user in Orchestrator.

Troubleshooting:

  • Restarting IIS or Orchestrator can resolve the issue temporarily, but the error will reoccur within a couple of hours
  • A 'DomainUnreachable' error can be seen in the Event Viewer log:
    • 2023-06-14 02:35:22.5078 UiPath.IdentityServer.Directory.Abstractions.Interfaces.IDirectoryAdapterConfiguration Error retrieving AD security groups for S-1-5-21-1708537768-1303643608-725345543-13609862. PrincipalOperationException*Creating an instance of the COM component with CLSID {080D0D78-F421-11D0-A36E-00C04FB950DC} from the IClassFactory failed due to the following error: 800401e4 Invalid syntax (0x800401E4 (MK_E_SYNTAX)).* at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() at UiPath.IdentityServer.Directory.Active.ActiveDirectoryClient.GetGroupsByUserPrincipalInternal(String domain, UserPrincipal principal) at UiPath.IdentityServer.Directory.Active.ActiveDirectoryClient.GetGroupsByUserPrincipal(String domain, Func`1 principalFunc, CancellationToken token) at UiPath.IdentityServer.Directory.Active.ActiveDirectoryClient.GetUserGroupsAsync(DirectoryIdentifier directoryIdentifier, IEnumerable`1 groupIdentifiers, CancellationToken token)
	COMException*Creating an instance of the COM component with CLSID {080D0D78-F421-11D0-A36E-00C04FB950DC} from the IClassFactory failed due to the following error: 800401e4 Invalid syntax (0x800401E4 (MK_E_SYNTAX)).* at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo() at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName() at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
    • 2023-06-14 02:32:33.4694 UiPath.IdentityServer.Web.Middleware.ExceptionHandlingMiddleware DomainUnreachable DirectoryAdapterException*DomainUnreachable* UiPath.IdentityServer.Directory.Active.ActiveDirectoryAdapter.GetScopesAsync(CancellationToken token) ...
    • 2023-06-14 02:32:33.4651 UiPath.IdentityServer.Directory.Abstractions.Interfaces.IDirectoryAdapterConfiguration The configured domain 'xxx.xxx' is not accessible. COMException*Creating an instance of the COM component with CLSID {080D0D78-F421-11D0-A36E-00C04FB950DC} from the IClassFactory failed due to the following error: 800401e4 Invalid syntax (0x800401E4 (MK_E_SYNTAX)).* at System.DirectoryServices.ActiveDirectory.DirectoryEntryManager..ctor(DirectoryContext context) at System.DirectoryServices.ActiveDirectory.Domain.GetDomain(DirectoryContext context) at UiPath.IdentityServer.Directory.Active.ActiveDirectoryClient.GetConfiguredDomain(String DomainName, IDomainResolver domainResolver)
  • All application pools are configured to run as a custom AD account
  • Domain status is normal when checked with the commands 'dsregcmd /status' and 'nltest /dsgetdc:{Domain}'
  • Open IIS, navigate to Application Pool > UiPath Orchestrator > Advanced Settings, set the 'Load User Profile' option to True, and restart IIS.

Resolution:

  1. Open IIS
  2. Navigate to Application Pool > UiPath Orchestrator > Advanced Settings
  3. Set the 'Load User Profile' option to True
  4. Open an elevated CMD window and run IISRESET to restart IIS
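
The resolution steps above, scripted in PowerShell as an added example (not part of the original article). It assumes the IIS WebAdministration module is installed and that the pool is named 'UiPath Orchestrator' as in the steps; the `-PoolName` and `-Apply` parameters are this example's own. It lists every pool's identity and 'Load User Profile' value first, so other pools running under a custom AD account can be reviewed, and changes only the named pool.

```powershell
# Added example: audit and set 'Load User Profile' on an IIS application pool.
# Save as a .ps1 file and run from an elevated PowerShell session on the server.
param(
    # Pool name as written in the article; adjust if your installation differs.
    [string]$PoolName = 'UiPath Orchestrator',
    # Without -Apply the script only reports and changes nothing.
    [switch]$Apply
)

Import-Module WebAdministration -ErrorAction Stop

# Report the identity and profile settings of every application pool.
$pools = Get-ChildItem IIS:\AppPools | ForEach-Object {
    [pscustomobject]@{
        Name            = $_.Name
        IdentityType    = $_.processModel.identityType
        UserName        = $_.processModel.userName
        LoadUserProfile = $_.processModel.loadUserProfile
    }
}
$pools | Format-Table -AutoSize

$target = $pools | Where-Object Name -eq $PoolName
if (-not $target) { throw "Application pool '$PoolName' not found." }

if ($target.LoadUserProfile) {
    Write-Host "'$PoolName' already has Load User Profile = True."
    return
}
if (-not $Apply) {
    Write-Host "'$PoolName' has Load User Profile = False. Re-run with -Apply to change it."
    return
}

# Step 3 of the resolution: set Load User Profile to True.
Set-ItemProperty -Path "IIS:\AppPools\$PoolName" `
    -Name processModel.loadUserProfile -Value $true

# Step 4 of the resolution: restart IIS.
& iisreset

# Read the setting back to confirm it persisted.
$after = (Get-ItemProperty -Path "IIS:\AppPools\$PoolName" `
    -Name processModel.loadUserProfile).Value
Write-Host "Load User Profile for '$PoolName' is now: $after"
```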