I have a brand new core, 9.0 SP3. I am attempting to log in for the first time, and I get "The user is not a member of a local LANDesk security group" error. Multiple user IDs get this error. All user IDs are members of LANDesk Administrators and LANDesk Management Suite groups. There are no errors in the event log related to this (other posts mentioned event ID 500, that's not present). Searching through the rest of the forums, there does not appear to be an answer that I have found yet. I know some individuals post the "add accounts to all three groups, and read up on RBA", but this is the first login, so RBA is not set up yet. The COM+ have been changed to use a domain account.
If anyone has any suggestions, they would be appreciated. Thanks.
Concentrate on members of the LANDesk Administrators group to start with.
Add the local Administrator account and check a domain accoutn is in there too.
Try logging in with the domain account (make sure to prefix the user with the domain e.g. domain\user
if that fails, then try logging in as the local administrator.
If local works then it is having issues trying to read the directory for authentication and we can start looking into that.
LANDesk Silver ESP
The One-Stop Shop for LANDesk Enhancements
Was already using domain\user with a domain account in the group. Tried multiple domain admins in the group.
Added the local account, and it fails with the same error. So local or domain cannot log in.
Whoever was logged into the computer when LDMS was installed will have admin rights to the server. This user should have no issues logging in for the first use and configuration. If this user cannot log in, your AD LANDESK service account or AD connector may not be working correctly.
Here is how we have it set up:
Three groups on the core: LANDesk Administrators; LANDesk Management Suite; LANDesk Script Writers
Three groups in AD: LANDesk Administrators; LANDesk Console Users; LANDesk Script Writers. These groups are in their own OU named LANDESK. In this OU, we also have a service account with domain admin rights which is used by LANDesk services to do what it needs over the network.
We add domin users who will be LANDesk admins in both the LANDesk administrator group in AD and the LANDesk administrator group locally on the core. Relying on nested groups here does not seem to work. You have to add the users, not just the group, to the core security group and domain security group. Their permissions are then set in the console user interface.
All domain user who will be console users are placed in the domain\LANDesk Management Suite and the core\LANDesk Management Suite groups. Again, relying on nested groups here does not seem to work. Their permissions are then set in the console user interface.
Both the domain\LANDesk Administrators group and the domain\LANDesk Management Suite group are placed in the domain\LANDesk Script Writers group. So any nested users in either group will be script writers. Nested groups seem to work with the script writers gropus(??? Still haven't figured it out, Could be our AD). We add domain\LANDesk Script Writers to the core\LANDesk Script Writers group. This gives the domain groups listed above local (core) script writer privilege.
I used the RBA(role based admin) bkm to set it up.
All that said, if whover did this install cannot login to the console, then there is a problem for which you should open a support ticket, if possible.