Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Dynamics 365 Community / Forums / Microsoft Dynamics GP (Archived) / Session Central Server...
Microsoft Dynamics GP (Archived)

Session Central Server won't start: Invalid Identity error

(0) ShareShare
ReportReport
Posted on by eprevost 215

Hi,

I installed the GP web client in a single host configuration on a Windows 2012 R2 server.  All the installation procedure went without any problem, but Session Central service won't start.

An error is reported in the dynamics log in Event Viewer: An error occurred during session central service initialization: 'System.ArgumentException: Invalid Identity ---> System.Runtime.InteropServices.COMException: The specified directory service attribute or value does not exist..  (The full error is at the end of this message.)

Is there any requirements regarding the domain?  Our domain controllers are still Windows 2003 R2.

Thank you for your help,

Eric

Full error message in event viewer:

An error occurred during session central service initialization: 'System.ArgumentException: Invalid Identity ---> System.Runtime.InteropServices.COMException: The specified directory service attribute or value does not exist.

  at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)

  at System.DirectoryServices.DirectoryEntry.Bind()

  at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()

  at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)

  at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)

  at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)

  at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()

  at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()

  at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()

  at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()

  at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)

  at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithType(PrincipalContext context, Type principalType, IdentityType identityType, String identityValue)

  at Microsoft.Dynamics.GP.Web.Services.DirectoryServices.PrincipalManager.GetPrincipal(String userName)

  --- End of inner exception stack trace ---

  at Microsoft.Dynamics.GP.Web.Services.DirectoryServices.PrincipalManager.GetPrincipal(String userName)

  at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

  at Microsoft.Dynamics.GP.Web.Services.DirectoryServices.PrincipalManager.AddIdentityValues(String principalCollectionKey, IEnumerable`1 identityValues)

  at Microsoft.Dynamics.GP.Web.Services.Session.Service.SessionCentralService.InitializePrincipalManager()

  at Microsoft.Dynamics.GP.Web.Services.Session.Service.SessionCentralService..ctor()'.

*This post is locked for comments

  • nboettcher Profile Picture
    nboettcher 270 on at
    RE: Session Central Server won't start: Invalid Identity error

    I have also ran into this same issue and in addition to read access to the Computers container, you also need read access to the Users container.

  • Verified answer
    eprevost Profile Picture
    eprevost 215 on at
    RE: Session Central Server won't start: Invalid Identity error

    Hi Daryl,

    That was it, the user needed read permission on the Computers OU in Active Directory!  The service now starts properly.

    Thank you very much!

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Session Central Server won't start: Invalid Identity error

    Hi Eric,

    In doing some additional research on the .NET code that validates the domain user, I remembered that the code requires that the Session Central Service account have read permissions to the following AD objects.

        Users

        Groups

        Users group where the account to be validated resides (if not in Users)

        Computers

        OU the users/groups are in

    We had a case in which the accounts/groups to validate were in an OU, but because of how this code works it starts looking at the objects higher up when a specific OU is not provided. The result being that the service account needs read permissions to these objects or the code throws an exception.

    Here is a blog post on it if you are interested - blogs.msdn.com/.../getting-an-exception-the-specified-directory-service-attribute-or-value-does-not-exist-when-you-try-to-search-a-user-in-an-ad-container-using-system-directoryservices-accountmanagement-userprincipal-findbyidentity.aspx

    Thanks

    Daryl

  • eprevost Profile Picture
    eprevost 215 on at
    RE: Session Central Server won't start: Invalid Identity error

    Hi Daryl,

    Our network contains multiple domains with trusts, but the server were the web client is installed, the database server, all the user accounts involved (session central service, session service, app pool in iis, users), and the 2 security groups are all part of the same domain.

    Thank you

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Session Central Server won't start: Invalid Identity error

    Eric,

    The account doesn't need any special permissions. Mine is just a member of the built-in domain users security group. Are you using multiple domains with trusts or is this a single domain scenario?

    Thanks

    Daryl

  • eprevost Profile Picture
    eprevost 215 on at
    RE: Session Central Server won't start: Invalid Identity error

    Hi Daryl,

    Session Central Service is configured to run with a domain account.  The groups specified for web client access and web management console access are domain global security group.

    Does the session central service account require special permissions in active directory?

    Thank you.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Session Central Server won't start: Invalid Identity error

    Hi Eric,

    My name is Daryl Anderson. I am a program manager on the GP development team. I would like to ask a couple of questions to help resolve the issue you are experiencing.

    Are the service accounts and groups you provided domain accounts/groups or local Windows accounts/groups? If the account/group being validated are domain accounts/groups, the Session Central Service account needs to be a domain account.

    We didn't specifically test on a domain with Windows 2003 R2 domain controllers, but from research it appears that the .NET code that is failing should work on Windows 2000 and later domains. It sounds more like a communications issue with finding the domain controller to validate against or having the permissions to validate the account on the domain controller.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,269 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,198 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans