cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Windows AD - Invalid group cannot find group

michael_jennings
Participant

on ‎06-21-2018 6:36 PM

0 Kudos

Hi all,

I am trying to set up SSO on a new BusinessObjects XI 4.2 sp5 server. I have a service account that has access to AD. However, when I put the name of Group AD I get the following error:

Invalid group name, cannot find group (CN=UserGroup,CN=Users,DC=terminator,DC=local).

I retrieved the distinguishedName of Group from Windows AD Server on tab "attribute editor" of his properties.

I am able add without issue the "AD Administrator name" and "Default AD Domain" on Cmc but unfortunately I'm stuck during the mapping of AD Group .

N.B.

I'm administrator of SAP BI Server and Windows AD Server.

Any ideas?

Best regards MJ

Show replies
Show replies
former_member758681
Discoverer
‎07-23-2021 1:13 PM
0 Kudos

Dear Michael Jennings,

I install SAP BI4.2 on windows server 2016 and exported the users and groups manually using the import wizard from SAP BOXI 3.1 then imported with Upgrade Management Tools from SAP BI 4.2.

I created the service account and configured the SPNs and the SAP BI4.2 server, but I haven't used Windows AD, I have this same error in my CMS log.

(false: WINAD: CAccountEntity :: InitFromSid () - BindIADsToLDAPFromSid hr = -2147467259)

Have you already solved this problem?

Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

michael_jennings
Participant
‎06-25-2018 8:13 AM
0 Kudos

Dear All,

Is the CMS trace the only trace that I have to activate in order to analyze the issue?

Best regards,

MJ

Show replies
Show replies
michael_jennings
Participant
‎06-22-2018 11:12 AM
0 Kudos

Dear Dell,

thank you about your response.

----------------------------------

The KB 1886178 could be usefull in order to analize the issue.

Below I report the CMS trace log during the mapping of AD Group:

Assert failure: (ad_acct_entity.cpp:152). (false : WINAD: CAccountEntity::InitFromSid() -- BindIADsToLDAPFromSid hr=-2147467259). NameServer.cpp:1408:-: TraceLog message 80

Best regards,

MJ

Show replies
Show replies
former_member758681
Discoverer
‎07-23-2021 1:14 PM
0 Kudos

Dear Michael Jennings,

I install SAP BI4.2 on windows server 2016 and exported the users and groups manually using the import wizard from SAP BOXI 3.1 then imported with Upgrade Management Tools from SAP BI 4.2.

I created the service account and configured the SPNs and the SAP BI4.2 server, but I haven't used Windows AD, I have this same error in my CMS log.

(false: WINAD: CAccountEntity :: InitFromSid () - BindIADsToLDAPFromSid hr = -2147467259)

Have you already solved this problem?

DellSC
Active Contributor
‎06-21-2018 7:06 PM
0 Kudos

If the group is in the default domain that is set in the properties, I usually use the just the group name instead of the full distinguished name when I add an AD group to this screen. When you do a group update at the bottom of the screen, it will pull the distinguished name. In the documentation for configuring AD authentication ("Configuring Active Directory Manual Authentication and SSO for BI4" by Steve Fredell) it mentions KBAs 1199995 and 147634 for troubleshooting issues when mapping groups.

-Dell

Show replies
Show replies
Ask a Question