Error for RID Master Accessibility Check only in Applications Manager
If you get an error for RID Master Accessibility Check-in Applications Manager:
- Run the below command in Administrator Powershell in the AD server directly.
dcdiag
- Verify if you can find RidManager test in the command output.
- If it has passed in the AD server, then the error shown in Applications Manager is due to the double hop issue.
NOTE:
- In the RidManager test, the respective AD server connects to the RID Manager which is the primary domain controller used to perform this test.
- When monitoring a secondary domain controller, if the Applications Manager installed server is in a different domain than the AD server, or if proper Kerberos delegation is not configured (even within the same domain), the credentials may need to be delegated to avoid the double hop issue.
- To delegate the credentials, you need to use the CREDSSP option present on the Add/Edit monitor page. Refer to this KB for more details on CredSSP.
Using CredSSP Authentication
The option to Use CredSSP Authentication should only be enabled when the AD Server being monitored is a non-primary Domain Controller. This is applicable When the remote server is located in a domain that differs from that of the Applications Manager's server domain, or is in the same domain and experiences a 'double-hop' issue due to proper Kerberos delegation not configured. Learn more about the prerequisites for using CredSSP authentication
If unable to configure CredSSP Authentication and receiving RID Master Accessibility Check Failed alerts, disable the row via Actions drop-down in the respective table in Applications Manager GUI.