on 07-19-2018 4:03 PM
ccm-accessisdenied.jpgadplug-in1.jpgadplug-in2.jpgtomcatjavaconfig.jpgkrb5.jpgbsclogin.jpgad-1.jpgad-2.jpg
We're still receiving the error message 'Access is Denied' when attempting to connect via CCM using AD Authentication. This leads me to believe it is not Tomcat Java related. Where should I look first to determine the cause of this error?
We've successfully installed BI 4.2 sp5, but are having issues with AD Authentication on the BI Launchpad. Error: "Account information not recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again." Attempt via CCM provides the error message "Access is Denied".
This is a pre-production environment. Our current working environment is BI 4.1. All domain references are the same as our working environment.(host and service account references represent those of the new environment, but in the same locations in configuration as the working environment). This includes the AD plug-in on the CMC, krb5.ini,bscLogin.conf files, java configuration with the added lines to reference these files. We've followed the KBA/note 2629070 and created a new SPN for the new host server and service account.
The service account is successful in logging-in to the host server.
Does this sound like an issue with some hidden configuration with Tomcat and Java? Not communicating with AD?
Attached are the relevant screenprints for reference:
This has been resolved. the bsLogin.conf file had an incorrect reference to businessobjects. instead it read businessobject2
Windows AD Authentication is now successful via BI Launchpad.
Thank you for all your help.
com.businessobjects.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required debug=true;
};
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I am not very sure but one observation comparing with sap note.You have put the AD domain name in CAPS under the "AD Administrator name" but in the sap note it is in the small.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
82 | |
10 | |
10 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.