Thursday, March 13, 2008

TPM 5.1 and MS Active Directory issue

After doing a clean install of TPM 5.1 (no fixpack yet, coming soon) and using MSAD, I was unable to log on to the TPM webpage. The message displayed was "You are not authorized to access the system. Contact your system administrator. Click here to try again". This is not the message for a bad password. For that you would see bad user name or password.

So after digging around I found that only the tioappadmin user id and a few of the roles were created. None of the permission groups were created and the tioappadmin id was not added to the SuperUser group. This happened due to an issue when the first attempt was done by the Topology Installer to perform this step. On the first attempt, I had the Active Directory set in mixed mode, which does not allow some of the features required in the tiodata.ldif.

To solve this problem (after changing the MSAD mode), I re-imported the tiodata.ldif file (most likely in C:\Documents and Settings\Administrator\Local Settings\temp) using LDIFDE.EXE. Since some of the entries were created, the -k switch is required to ignore existing entries. The syntax is as follows:
ldifde -i -k -f tiodata.ldif

Now it all works :)
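
Because -k skips entries that already exist without reporting which ones were missing, it helps to know which group memberships the LDIF was supposed to create before checking the directory. The following is an added example, not part of the original post or of TPM: it parses an LDIF file and lists the groups that should contain a given user. The sample data, the DC=example,DC=com DNs, and the assumption that groups are plain entries with objectClass: group and member: values are all constructed for illustration.

```python
import base64

# Constructed sample, NOT the real tiodata.ldif: the DNs and the
# objectClass/member layout are assumptions about how groups are defined.
SAMPLE_LDIF = """\
# constructed sample
dn: CN=tioappadmin,CN=Users,DC=example,DC=com
changetype: add
objectClass: user
sAMAccountName: tioappadmin

dn: CN=SuperUser,CN=Users,DC=example,DC=com
changetype: add
objectClass: group
member: CN=tioappadmin,CN=Users,
 DC=example,DC=com

dn: CN=ReadOnly,CN=Users,DC=example,DC=com
changetype: add
objectClass: group
"""

def parse_ldif(text):
    """Yield each LDIF record as {lower-cased attribute: [values]}."""
    # LDIF folds long lines: a continuation line starts with one space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        record = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                raw = base64.b64decode(value[1:].strip())
                value = raw.decode("utf-8", "replace")
            record.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in record:
            yield record

def expected_groups_for(text, user_cn):
    """Return DNs of group entries whose member list names CN=<user_cn>."""
    wanted = "cn=" + user_cn.lower() + ","
    return [r["dn"][0] for r in parse_ldif(text)
            if "group" in (v.lower() for v in r.get("objectclass", []))
            and any(m.lower().startswith(wanted) for m in r.get("member", []))]

if __name__ == "__main__":
    for dn in expected_groups_for(SAMPLE_LDIF, "tioappadmin"):
        print("tioappadmin should be a member of:", dn)
```

Run against the real file, the resulting list is what to compare with the account's actual group memberships after the re-import.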
