Guest

Preview Tool

Cisco Bug: CSCum92402 - NTLM key retrieval fails when child user login with parent upn suffix

Last Modified

Feb 11, 2018

Products (1)

  • Cisco Wide Area Application Services (WAAS) Appliances

Known Affected Releases

5.4(0)

Description (partial)

Symptom:
In a hierarchical domain setup, NTLM key retrieval fails with permission error when child domain user login with parent domain upn suffix (or) parent user login with child upn suffix 

05/27/2014 12:28:24.438(24492 0.1) DETL (438851) NcResponseParse, Resp Type: 6, 6  [AppApiDrsGetNcChanges.cpp:1110]
05/27/2014 12:28:24.438(24492 0.1) ERRO (438859) DrsGetNcChanges failed, DrsExtError:00000000 ,DRSError:00000000 , result_error:00002111 [AppApiDrsGetNcChanges.cpp:1125]
05/27/2014 12:28:24.438(24492 0.1) ERRO (438869) DrsGetNcChanges failed returning, DrsExtError:00000000 ,DRSError:00000000 , result_error:00002111 [AppApiDrsGetNcChanges.cpp:1140]
05/27/2014 12:28:24.438(24492 0.1) ERRO (438877) session(0x50f6a0), ParseNcResponse call Failed with error: 16 [AppApiDrsGetNcChanges.cpp:292
.....
05/27/2014 12:28:24.439(24492 0.1) ERRO (439068) session(0x50f6a0) Failed to Retrieve Key from AD for PN:MAPI2K10.LOCAL\CHENNA error:16 [SRKeyRetriever.cpp:249]
05/27/2014 12:28:24.439(24492 0.1) TRCE (439083) Handle key retrieval response [SRKeyMgr.cpp:166]
05/27/2014 12:28:24.439(24492 0.1) ERRO (439091) Key retrieval failed with Status 16 [SRKeyMgr.cpp:171]
05/27/2014 12:28:24.439(24492 0.1) ERRO (439105) Key retrieval failed due to Drs App Error Directory services DrsGetNcChanges failed, Unable to obtain updates for the provided naming context. Could be due to permission issue. [SRKeyMgr.cpp:189]
05/27/2014 12:28:24.439(24492 0.1) NTCE (439153) Identity ad is  blacklisted [SRDiIdMgr.cpp:244]
05/27/2014 12:28:24.439(24492 0.1) ERRO (439161) Identity: ad will be black listed. [SRKeyMgr.cpp:192]In a hierarchical domain setup

Conditions:
a. In a hierarchical domain setup, create a child domain user with parent domain upn suffix.
b. When the authentication type is set as NTLM for this user, trying to login to outlook with parent upn suffix would cause the permission error during key retrieval.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.