Apologies in advance if I am posting in the wrong place or falling foul of this group's posting etiquette, but I am new to PWM and still finding my feet.
I have been trying to set up PWM on a Windows Server 2008 R2 DC for a local Primary School but cannot get it to accept the response replies. After pressing save the program pauses for a short while then displays error 5045... please contact administrator.
I have googled and trawled through the forum looking for a tip to resolve this but need some specific guidance to help me resolve it.
Here is what I have done so far following the Windows OS install instructions from project pages:
1) Installed AD CS role on win2k8r2 server.
2) Created a personal certificate to be used with PWM
3) Installed latest JRE (8u144)
4) Installed latest Tomcat (8.5) using port 9999 (the other recommended ports were already in use)
5) Installed latest PWM (pwm-1.8.0-SNAPSHOT-2017-09-25T10_18_28Z-release-bundle)
6) Used LDIF for active directory and LDIFDE to extend schema and made sure that authenticated users have write access to pwmResponseSet
7) Created PWM-Proxy and PWM-Test AD accounts (PWM-Proxy has admin privileges, PWM-Test has standard user privileges).
8) Successfully completed the initial setup wizard with each test button coming back with green 'good' reply.
9) Restarted machine then successfully connected to http://machinename:9999/pwm with Chrome browser, signed in using a domain user account, completed security responses but when I hit save I get error 5045.
Logfile entries are:
2017-10-01T10:28:19Z, INFO , auth.LDAPAuthenticationRequest, {20} authID=1, successful ldap authentication for UserIdentity{"userDN":"CN=Protek Test,OU=Teachers,OU=Staff,DC=wfi,DC=<domain name>,DC=org","ldapProfile":"default"} (31ms) type: AUTHENTICATED, using strategy BIND, using proxy connection: false, returning bind dn: CN=Protek Test,OU=Teachers,OU=Staff,DC=wfi,DC=<domain name>,DC=org [172.20.111.<x>]
2017-10-01T10:28:19Z, INFO , event.AuditService, audit event: {"perpetratorID":"Protek","perpetratorDN":"CN=Protek Test,OU=Teachers,OU=Staff,DC=wfi,DC=<domain name>,DC=org","perpetratorLdapProfile":"default","sourceAddress":"172.20.111.<x>","sourceHost":"172.20.111.<x>","type":"USER","eventCode":"AUTHENTICATE","guid":"9e4f8419-7406-497d-a139-d418a77e7bb6","timestamp":"2017-10-01T09:28:19Z","message":"type=AUTHENTICATED, source=LOGIN_FORM","narrative":"Protek (CN=Protek Test,OU=Teachers,OU=Staff,DC=wfi,DC=<domain name>,DC=org) has authenticated","xdasTaxonomy":"XDAS_AE_AUTHENTICATE_ACCOUNT","xdasOutcome":"XDAS_OUT_SUCCESS"}
2017-10-01T10:29:34Z, WARN , cr.ChaiResponseSet, ldap error writing response set: javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
]
2017-10-01T10:29:34Z, ERROR, operations.CrService, error saving responses via LDAP, error: 5045 ERROR_WRITING_RESPONSES (error writing user responses to ldap attribute 'pwmResponseSet': javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
])
2017-10-01T10:29:34Z, ERROR, servlet.SetupResponsesServlet, {20,Protek} 5045 ERROR_WRITING_RESPONSES (response storage only partially successful; attempts=1, successes=0, detail={"LDAP":"error saving responses via LDAP, error: 5045 ERROR_WRITING_RESPONSES (error writing user responses to ldap attribute 'pwmResponseSet': javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0\n\u0000])"}) [172.20.111.<x>]
2017-10-01T10:29:34Z, ERROR, http.PwmResponse, {20,Protek} 5045 ERROR_WRITING_RESPONSES (response storage only partially successful; attempts=1, successes=0, detail={"LDAP":"error saving responses via LDAP, error: 5045 ERROR_WRITING_RESPONSES (error writing user responses to ldap attribute 'pwmResponseSet': javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0\n\u0000])"}) [172.20.111.<x>]
Sorry to be so verbose but I am trying to cover all the bases and move forward as I believe that this would be a great solution for the school. I am not a 'black belt' in any of this so please be patient in your replies.
Please can you tell me what I must do next to diagnose and fix this 5045 error.
Thanks in advance.
Julian
iMSP
Hi,
Thank you Jason for the reply. I have checked permissions by loading the ADSI Edit plugin into the MMC and connecting to the Schema > browsing to CN=pwmResponseSet and right-clicking then selecting properties. This shows that Authenticated Users have Full control (even tried adding Everyone with Full Control) but the problem still persists.
Where to next please?