cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can someone confirm if errors with GetGroupsFromActiveDirectory indicates an with AppPortal or AppBroker or ActiveDirectory?

I am trying to determine why access to our AppPortal GUI appeared to be unavailable for a certain time period or if the authentication attempt issues was a result of AppPortal trying to validate software requests to SCCM.  I would guess an issue with Active Directory but want to confirm the log message is accurate. 

Error snippet below is from UserLog\ZZ_XXXXXXXX (username and domain was changed here to protect data)

Making call to get Group membership. Domain = NA; UniqueName = ZZ\XXXXXXXX Proceed 12/6/2021 3:58:58 AM 1 (0x0001)
Triggered method GetGroupsFromActiveDirectory GetGroupsFromActiveDirectory 12/6/2021 3:58:58 AM 1 (0x0001)
HasUntrustedDomains = FALSE GetGroupsFromActiveDirectory 12/6/2021 3:58:58 AM 1 (0x0001)
Error : GetPageAccessLevel failed to get Member Groups at - Retrieving the COM class factory for component with CLSID {274FAE1F-3626-11D1-A3A4-00C04FB950DC} failed due to the following error: 800703fa Illegal operation attempted on a registry key that has been marked for deletion. (Exception from HRESULT: 0x800703FA). Proceed 12/6/2021 3:58:58 AM 1 (0x0001)
Trying to get GUID for UniqueName ZZ\XXXXXXXX Proceed 12/6/2021 3:58:58 AM 1 (0x0001)
NULL GUID returned Proceed 12/6/2021 3:58:58 AM 1 (0x0001)

(1) Solution
CharlesW
By Level 12 Flexeran
Level 12 Flexeran

I've seen this reported on occasion. It is not really directly related to either App Broker or Active Directory. Typically, you can resolve the issue permanently by changing a group policy setting on the server. If you look at the resolution section in the following article, it is mentioned that there is a group policy setting that can resolve the behavior.

A COM+ application may stop working in Windows when a user logs off 

To summarize, try setting the "Do not forcefully unload the user registry at user logoff " group policy to "enabled". The policy can be found in the group policy editor (gpedit.msc) under Computer Configuration->Administrative Templates->System-> UserProfiles

View solution in original post

(2) Replies
CharlesW
By Level 12 Flexeran
Level 12 Flexeran

I've seen this reported on occasion. It is not really directly related to either App Broker or Active Directory. Typically, you can resolve the issue permanently by changing a group policy setting on the server. If you look at the resolution section in the following article, it is mentioned that there is a group policy setting that can resolve the behavior.

A COM+ application may stop working in Windows when a user logs off 

To summarize, try setting the "Do not forcefully unload the user registry at user logoff " group policy to "enabled". The policy can be found in the group policy editor (gpedit.msc) under Computer Configuration->Administrative Templates->System-> UserProfiles

Any time I see that message about a registry key being marked for deletion, I just reboot my server and it clears up.  Good to know there is a better solution.  Thanks, Kevin, for raising the question, and thanks, Charles, for the answer!

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".
Top Kudoed Authors