https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Domain-account-sometimes-denied-access/m-p/28300#M5902 <HTML><HEAD></HEAD><BODY><P>I'm running OnCommand Operations manager 5.0 on a dedicated server.&nbsp; I have the OnCommand host service running as a domain account, and in OnCommand, I am having it connect to all of my controllers using a domain account.&nbsp; This domain account is in the Administrators group on all filers.</P><P></P><P>However, since I set this up, I see many errors denying access to my domain account in the messages logs on all my controllers.&nbsp; OnCommand appears to function, so it's getting partial access.</P><P></P><P>Here is the message I get:</P><P></P><P>User 'MyDomain\MyDomainAccount' denied access - missing required capability: 'api-perf-object-get-instances'</P><P></P><P>I've verified the following:</P><P></P><P>- I can connect to the controller via SSH using this domain acount.&nbsp; I run the stats list instances system with success.</P><P>- I can connect via HTTP/HTTPS using powershell with the domain credentials (Using Powershell):</P><P></P><P>Connect-NaController ctrl1 -HTTPS -Credential (Get-Credential)</P><P>Get-NaPerfInstance system</P><P></P><P>-&nbsp; I can connect to the controller using OnCommand System Manager 2.0</P><P></P><P>The domain user has Administrator access, which includes the admin role, which has the api-* capability.&nbsp; I can't figure out why I'm getting any access denied messages at all.</P><P></P><P>Any ideas?</P></BODY></HTML> Thu, 05 Jun 2025 06:41:33 GMT bsti 2025-06-05T06:41:33Z https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Domain-account-sometimes-denied-access/m-p/28300#M5902 <HTML><HEAD></HEAD><BODY><P>I'm running OnCommand Operations manager 5.0 on a dedicated server.&nbsp; I have the OnCommand host service running as a domain account, and in OnCommand, I am having it connect to all of my controllers using a domain account.&nbsp; This domain account is in the Administrators group on all filers.</P><P></P><P>However, since I set this up, I see many errors denying access to my domain account in the messages logs on all my controllers.&nbsp; OnCommand appears to function, so it's getting partial access.</P><P></P><P>Here is the message I get:</P><P></P><P>User 'MyDomain\MyDomainAccount' denied access - missing required capability: 'api-perf-object-get-instances'</P><P></P><P>I've verified the following:</P><P></P><P>- I can connect to the controller via SSH using this domain acount.&nbsp; I run the stats list instances system with success.</P><P>- I can connect via HTTP/HTTPS using powershell with the domain credentials (Using Powershell):</P><P></P><P>Connect-NaController ctrl1 -HTTPS -Credential (Get-Credential)</P><P>Get-NaPerfInstance system</P><P></P><P>-&nbsp; I can connect to the controller using OnCommand System Manager 2.0</P><P></P><P>The domain user has Administrator access, which includes the admin role, which has the api-* capability.&nbsp; I can't figure out why I'm getting any access denied messages at all.</P><P></P><P>Any ideas?</P></BODY></HTML> Thu, 05 Jun 2025 06:41:33 GMT https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Domain-account-sometimes-denied-access/m-p/28300#M5902 bsti 2025-06-05T06:41:33Z https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Domain-account-sometimes-denied-access/m-p/28304#M5903 <HTML><HEAD></HEAD><BODY><P> I got an answer to this on the NetApp forums.&nbsp; It's apparently a bug:</P><P></P><P><A href="http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=310141" target="_blank">http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&amp;Display=310141</A></P></BODY></HTML> Fri, 11 Nov 2011 02:54:35 GMT https://community.netapp.com/t5/Active-IQ-Unified-Manager-Discussions/Domain-account-sometimes-denied-access/m-p/28304#M5903 bsti 2011-11-11T02:54:35Z