Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics GP (Archived) / GP2013R2 Web Client - ...
Microsoft Dynamics GP (Archived)

GP2013R2 Web Client - unable to initialize because one of the accounts is invalid

(0) ShareShare
ReportReport
Posted on by llupardus 35

Attempting to install Web Client for GP2013 R2.  Successfully installed and can launch site.  However, from login screen after entering domain user & password, receive an unexpected error.  Event viewer indicates "Unable to initialize the GPWebUserAccounts security group because one of the accounts is invalid." (full details below)

SQL query of ServiceSecurity table in GPWEBCLIENTSESSIONCENTRAL shows the correct domain account for GPWebUserAccounts (domain\group).  This account is a group in AD, has admin rights to the machine & only users in group are domain admins.  The error is thrown no matter what login we try to use, domain admin or not.

Any help anyone can provide would be appreciated.  

- EventData

  Unable to initialize the GPWebUserAccounts security group because one of the accounts is invalid. System.ArgumentException: Invalid Identity ---> System.Runtime.InteropServices.COMException: The specified directory service attribute or value does not exist. at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_SchemaEntry() at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de) at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options) at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry) at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer() at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit() at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize() at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx() at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate) at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue) at Microsoft.Dynamics.GP.Web.Foundation.DirectoryServices.PrincipalManager.GetPrincipal(String userName) --- End of inner exception stack trace --- at Microsoft.Dynamics.GP.Web.Foundation.DirectoryServices.PrincipalManager.GetPrincipal(String userName) at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() at Microsoft.Dynamics.GP.Web.Foundation.DirectoryServices.PrincipalManager.AddIdentityValues(String principalCollectionKey, IEnumerable`1 identityValues) at Microsoft.Dynamics.GP.Web.Website.Security.AuthenticationHandler.InitializePrincipalManager()

*This post is locked for comments

  • DynamicDiamond Profile Picture
    DynamicDiamond 7 on at
    RE: GP2013R2 Web Client - unable to initialize because one of the accounts is invalid

    We had received the same error as above.  Your fix to remove the invalid entries from the ServiceSecurity table worked.  Thanks!

  • Mitch.M Profile Picture
    Mitch.M 530 on at
    RE: GP2013R2 Web Client - unable to initialize because one of the accounts is invalid

    What happens if dropping the GPCONFIGURATION database and repairing again does not resolve the issue?

  • Derek Albaugh Profile Picture
    Derek Albaugh on at
    RE: GP2013R2 Web Client - unable to initialize because one of the accounts is invalid

    To add on to this, anytime you run a repair or reinstall of Web Client, it's a good idea to drop the existing GPCONFIGURATION database and create a new one, as the repair or reinstall can cause duplicate records to be written  to the database, and if a different account was entered during either of these processes from what was originally entered during the initial install, it can cause Web Client to not know which account it is supposed to use and throw errors such as this.

    Another reason is when initial accounts are used but then deleted, if they show in the GPCONFIGURATION database tables, Web Client may still attempt to use them, even though they don't exist and give the type of errors shown above in this forum.

    Thanks

  • Suggested answer
    kdd281 Profile Picture
    kdd281 465 on at
    RE: GP2013R2 Web Client - unable to initialize because one of the accounts is invalid

    I would run and repair on the install and confirm the proper AD permissions for the service account you are using, confirm the password and also make sure its not set to change the password at the next login.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: GP2013R2 Web Client - unable to initialize because one of the accounts is invalid

    Quick fix, in the GPCONFIGURATION database, table ServiceSecuirty under GroupID GPWebUserAccounts see if there are any accounts that are invalid or not from the AD, for instance an SQL account or an account from different domain. Delete any unnecessary entries.

    The error is generated because one of the accounts listed in the SeriviceSecuirty table under Group ID WebUserAccounts is invalid.

    Another way to fix this is to delete de GPCONFIGURATION database and run a repair of the gp web client.

  • IceMan Profile Picture
    IceMan 1,115 on at
    RE: GP2013R2 Web Client - unable to initialize because one of the accounts is invalid

    Running into this same problem on GP 2016 R2 Web client solution.  Did you all come up with a solution?

  • Perry Smith - CRi Profile Picture
    Perry Smith - CRi 1,690 on at
    RE: GP2013R2 Web Client - unable to initialize because one of the accounts is invalid

    I am getting the same error on a new Web Client install.

    I have added the service user to have read rights to the OU the groups were created in with no luck.

    Any other ideas?

  • Jonathan Fear Profile Picture
    Jonathan Fear on at
    RE: GP2013R2 Web Client - unable to initialize because one of the accounts is invalid

    The user you are logging in with is part of the group you specified during the install? What is the user running your services? Does that user have read access to the OUs in AD?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,269 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,198 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans