System was running fine with EBO version 3.2.3 and Active Directory (AD) integration. But after upgrading to EBO version 2022 no AD user could login to the ES.
The Workstation Error when trying to login is: User_Not_Associated_With_A_Group
And the error message seen in the ES trace log is:
WinES\server\nsp_servers\csc\accountaccess\source\AccountAccess.cpp(486) Workstation Error: User_Not_Associated_With_A_Group (0xc002a) in module Account_Access(28).
EcoStruxure Building Operation
Building Operation Enterprise Server
The Windows AD integration performance in EBO was improved in version 2022 by storing and comparing the SID for the AD-groups. During the upgrade from version 3.2.3 to EBO 2022 all EBO groups should have been updated with an AD-connected group SID. This was not done as the AD server was offline when doing the upgrade of the ES.
If turning on the below property in the properties the old way used in EBO version 3.2.3 of matching groups during logon will be used:
In the "ES.properties" file usually placed in C:\Program Files (x86)\Schneider Electric EcoStruxure\Building Operation 4.0\Enterprise Server\etc\config
add and save:
NspServer.Windows.Group.MatchByName = true
To utilize the AD performance improvement in EBO 2022 re-connect the AD group to their respective EBO group. This is done by changing the "Windows group name" property in the EBO group to anything else or an empty string and then change it back to its proper value, i.e. the AD group name.
Doing so should correctly populate the hidden "External SID" property for the EBO groups that is missing as the upgrade was done with no connection to the AD server.