The EBO system previously operated as expected with Active Directory (AD) integration. Following an upgrade or hotfix, AD users are unable to authenticate and log in to the Enterprise Server (ES).

Error(s) message in ES trace log may include:

WinES\server\nsp_servers\csc\accountaccess\source\AccountAccess.cpp(486)
Workstation Error: User_Not_Associated_With_A_Group (0xc002a)
in module Account_Access(28).

To enable the legacy method of matching groups during logon, configure the following property:

Steps:

• Open the ES.properties file, typically located at:

  C:\Program Files (x86)\Schneider Electric EcoStruxure\Building Operation 4.0\Enterprise Server\etc\config
  

• Add the following line:

  NspServer.Windows.Group.MatchByName = true
  

• Save the file and restart the Enterprise Server for the changes to take effect.

To take advantage of the Active Directory (AD) performance enhancements introduced in recent versions of EcoStruxure Building Operation, it is necessary to re-establish the link between AD groups and their corresponding EBO groups.

Procedure:

1. Open the relevant EBO group configuration.
2. Locate the Windows group name property.
3. Temporarily change its value to an empty string or any placeholder text.
4. Re-enter the correct value, which should match the associated AD group name.
5. Save the changes to complete the re-connection process.

Completing the previously described procedure ensures that the hidden External SID property for the EBO groups is correctly populated. This property was not updated during the upgrade because the process was performed without an active connection to the AD server.