SP2023 in AD domain - WinPlatform deployed but can't go on-scan. Are there special requirements for network account, global/local security policies?

Hello to everyone,

We have a small domain for testing SP2023 on Windows Server 2022 Standard, which contains a domain controller (AD DS, DNS, Hyper-V) and two Hyper-V VMs, also with Windows Server 2022 Standard (no server roles). The domain was installed and functioning; no global/local policy settings were made. The only additional action: we copied the domain administrator account to an SP administrator account in AD Users and Computers. We are planning to use the first VM as GR (All-in-One-Node) and the second one as AOS. During installation we specified the SP administrator account as the network account and got a message warning that, by group policy, this account can expire or its password can be changed, but we accepted that and the installation continued.

After installation, Configurator was not able to configure System Monitor Manager on GR (error code: InternalServerError), but we left it for later. The GR node was configured as SMS, and the AOS node was connected and registered successfully.

Firewalls are disabled, no MS updates were installed on Windows Server.

Afterwards we created a new simple Galaxy from GR and AOS WinPlatform and deployed them. GR was deployed and started on-scan, but AOS started off-scan, and any attempts to put it on-scan have had no success. During deployment and while starting AOS on-scan, Logger shows several warnings and errors:

Warning MessageChannel Failed to communicate with target node, GR. This may be because it is not connected to the same System Management Server as this node (https://smdugr). If that is the case, use the Configurator on the target node, GR, and point it to the same Syste...

This is really strange, as Configurator on AOS shows a connection to GR.

Info xxSecurity CSecurityChecker::internalLoadUserProfileInfo - failed to load security schema from user profile data
Error xxSecurity The CheckOperation Permission call is made to xxSecurity, but security information is not initialized
Error BaseRuntimeComponentServer INVALID HRESULT LINE 1658 FILE D:\ADO\Work\8\s\src\BaseRuntimeComponentServer\CBaseRuntimeObject.cpp hResult 80004005
Info xxSecurity CSecurityChecker::internalLoadUserProfileInfo - failed to load security schema from user profile data

Info aaBootstrap ManageRunningProcess Process 4536 seems to be not responding. It has a status 6. It hasn't notified the watchdog for 120234 ms. The process must respond to the watchdog within 90000 ms to be considered responsive
Warning aaBootstrap This process failed to send heartbeat and it exceeds maximum WatchdogFault.. This process will be restarted.
Warning aaBootstrap Pid:4536 Path:C:\Program Files (x86)\ArchestrA\Framework\Bin\aaEngine.exe Cmd:Deploy=False,Restart=True,ScanState=Last,CheckpointPath=,ClsId={BE4A11B6-86C2-49C6-883E-ABA501A6BCC7},EngineId=1,EngineName=AOS,EngineSignature=0,IsPlatformEngine=-1,Platf...
Info SoftwareControllerManager The process with id 4536 was terminated by the bootstrap because it failed to shutdown within 120.000 seconds
Warning aaBootstrap Platform with process ID 4536 was terminated abnormally

To me it looks like an inconsistency in the network account domain user settings, local or group policies, probably some DCOM issues.

Can anyone help?

Thanks in advance.

  • Hello  

    Many thanks for your reply.

    I checked if Network Account is in Local Groups aaAdministrators and ASBSolution - it is.

    SP2023 because I would like to re-create the customer's architecture.

    Yesterday I rebuilt the VMs. The only difference from the previous installation is that there are no warnings about SMS. But the on-scan problem is still there: I can deploy and undeploy the WinPlatform but not start it on-scan.

    While deploying, everything goes well up to the marked moment:

    After that, info messages and later errors from xxSecurity appeared in the log. The errors appeared immediately, with the warning "Communication error. Request timed out" in the IDE:

    Do you know which user is meant, whose security schema failed to load from profile data in the above log records? Perhaps it is the source of the problem?

    Info xxSecurity CSecurityChecker::internalLoadUserProfileInfo - failed to load security schema from user profile data

    with the following errors:

    Error xxSecurity The CheckOperation Permission call is made to xxSecurity, but security information is not initialized
    Error BaseRuntimeComponentServer INVALID HRESULT LINE 1637 FILE D:\ADO\Work\8\s\src\BaseRuntimeComponentServer\CBaseRuntimeObject.cpp hResult 80004005

    Thanks.

  • Hello  

    Finally it's working now. I switched off the online protection of Microsoft Defender Antivirus. Thanks again for your help!

  • Hi  ,

    I am glad that you sorted it out, and thanks for your feedback that the online protection of Microsoft Defender Antivirus actually caused the problem.