Dashboard 6.2 - all users locked out except admin RRS feed

  • Question

  • Hello,

    We are using Dashboard 6.2 (still in process of upgrading to 6.3). As of 2 or 3 days ago, all users started getting a message as soonas they tried to open the dashboard web page. The error message logged in the Application Event Viewer is:

    Event Type: Warning
    Event Source: ASP.NET 2.0.50727.0
    Event Category: Web Event
    Event ID: 1309
    Date:  28/06/2011
    Time:  1:22:47 PM
    User:  N/A
    Computer: WVYARSQ01
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 28/06/2011 1:22:47 PM
    Event time (UTC): 28/06/2011 3:22:47 AM
    Event ID: 42f682353a6b464ba6252a6f036ad837
    Event sequence: 2
    Event occurrence: 1
    Event detail code: 0
    Application information:
        Application domain: /LM/W3SVC/1/Root/Dashboard-1-129537049494243337
        Trust level: Full
        Application Virtual Path: /Dashboard
        Application Path: C:\Inetpub\wwwroot\PDS\
        Machine name: WVYARSQ01
    Process information:
        Process ID: 5640
        Process name: w3wp.exe
    Exception information:
        Exception type: ArgumentException
        Exception message: The binary form of an ACE object is invalid.
    Parameter name: binaryForm
    Request information:
        Request URL: http://appproclaritysa/dashboard/Default.aspx
        Request path: /dashboard/Default.aspx
        User host address:
        User: DOMAIN\VALID_USER 
        Is authenticated: True
        Authentication Type: Negotiate
        Thread account name: NT AUTHORITY\NETWORK SERVICE
    Thread information:
        Thread ID: 1
        Thread account name: NT AUTHORITY\NETWORK SERVICE
        Is impersonating: True
        Stack trace:    at System.Security.AccessControl.GenericAce.CreateFromBinaryForm(Byte[] binaryForm, Int32 offset)
       at System.Security.AccessControl.RawAcl.SetBinaryForm(Byte[] binaryForm, Int32 offset)
       at System.Security.AccessControl.RawSecurityDescriptor..ctor(Byte[] binaryForm, Int32 offset)
       at System.DirectoryServices.ActiveDirectorySecurity..ctor(Byte[] sdBinaryForm, SecurityMasks securityMask)
       at System.DirectoryServices.DirectoryEntry.GetObjectSecurityFromCache()
       at System.DirectoryServices.DirectoryEntry.get_ObjectSecurity()
       at ProClarity.Dashboard.Security.ActiveDirectoryDashboardProvider.IsUserInRole(String userName, String roleName)
       at ProClarity.Dashboard.Security.SecurityManager.IsUserInRole(String providerName, String name, String roleName)
       at ProClarity.Dashboard.SecurityHandler.DashboardSecurity.IsUserInProviderRole(String providerName, String name, String roleName)
       at ProClarity.Dashboard.SecurityHandler.DashboardSecurity.ValidateWindowsTicket(Boolean bOverrideCache)
       at ProClarity.Dashboard.SecurityHandler.DashboardSecurity.ValidateWindowsTicket()
       at ASP.global_asax.Application_AuthenticateRequest(Object sender, EventArgs e)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
    Custom event details:

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    The user is presented with a brief error message and can go no further.

    (I've replaced the real domain with DOMAIN\VALID_USER in the above message). Everything was OK until around the middle of the day 3 days ago, and it still works for me (admin and first person to set up a dashboard). We've been using it for at least 2 years. ProClarity is still working OK.

    I have asked our infrastructure/apps people to check for any security or LDAP changes.  What other steps can I take to investigate and/or fix this? I will try restarting IIS and the SQL server this evening, but not holding out much hope.

    I have looked at the security provider but do not have permissions or knowledge to do much there.



    • Edited by Les R Tuesday, June 28, 2011 7:34 AM Formatting
    Tuesday, June 28, 2011 7:33 AM

All replies

  • Hello,

    A workaround for this is to set up all users as Administrators. Not a nice thing to have to do, but does work.

    Thursday, July 7, 2011 2:20 AM
  • Just out of interest, in October 2011 we migrated our systems to a new data centre provider, which involved a complete rebuild and re-install. This problem went away (although several others surfaced).

    Thursday, November 24, 2011 11:25 PM
  • Spoke too soon.

    In the new environment, ordinary users suddenly lost visibility of all dashboards (including their own). Again, the only way to fix this was to make everyone an administrator. I have no idea what triggered this change, nor why being an administrator would make any difference.

    Tuesday, November 29, 2011 3:43 AM