CA RA Error while trying to fetch users authorities from Active Directory using tokenGroups

Document ID : KB000116864
Last Modified Date : 03/10/2018
Show Technical Document Details
Issue:
In the  nolio_dm_all.log files, this message presents:  "Error while trying to fetch users authorities from Active Directory using tokenGroups". 
Environment:
CA Release Automation 6.x
Cause:
The message may present if ​the end users are trying to login and are experiencing an HTTP 500 error or with LDAP integration not working correctly. This is often due to a missing domain suffix (ie: user1 vs user1@domain.com). 
Resolution:
The users' LDAP entry for "UserPrincipalName" may be missing the domain suffix (ie user1@domain.com vs user1) or in the distributed.properties file that is used to configure the LDAP integration, the AD login user is missing a domain suffix.
Additional Information:
Another potential cause for the error is documented here:

https://comm.support.ca.com/kb/deployment-could-hang-intermittent-when-ra-is-configured-to-authenticate-against-ldap-servers-which-are-configured-with-round-robin/kb000008330