Skip to Content

Windwos AD plugin in Business Objects does not update recent usergroups

Hello,

we are using SAP Business Objects 4.1 SP4 on Windows Server 2008 r2 machine. there is only one standalone installation, no clustered one.

we are synchronizing users from Windows Active Directory. all things was working fine in months ago. now, Windows AD plugin could not getting updated/Appeared in CMC >> Users and groups.

we tried lots of things

- delete recent windows ad aliases and create again and all neccessary usergroups defining on user properties.

-User was already part of other group. We checked member of but new group was not assigned.

-We deleted all the groups and deleted Windows AD alias. We again assigned Windows AD alias and all required groups got assigned in member of section of user properties.

-Checked the groups are security groups (global, local, universal) not distribution groups as per KBA: 2028868 - Mapped AD group(s) no longer displays some or all of the users

-CMS restarted as well.

users can login the system wirh secWinAD authentication and can work normally.

can anybody help us

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

5 Answers

  • Dec 21, 2018 at 01:45 PM

    I'm not clear on your issue, if users can login then they are already mapped in successfully. Is the issue that the users are not members of the proper groups? There was an issue back near your version where if any empty groups were queried then updates would fail, you will need to logon to launchpad and check SAP note 2118522. This can be worked around by removing any empty groups and was fixed in 4.1 SP6

    -Tim

    Add comment
    10|10000 characters needed characters exceeded

  • Dec 21, 2018 at 02:03 PM

    Hello Tim,

    thanks four your quick response. Our exact problem is,

    1. UserA still exist in BI which is already mapped in GroupA.

    2. We are mapping new user group GroupB in CMC >>Authentication>>WinAD. UserA also member of GroupB in Windows Active Directory side.

    3. GroupB is created without any user in BO by Winad Pluging with scheduled task or manuel update.

    4. After deleting UserA WinAd alliases from user properties and creating new one for WindowsAD, then appearing GroupB on UserA.

    Add comment
    10|10000 characters needed characters exceeded

  • Feb 16 at 10:06 AM

    Hello Tim,

    We upgraded our versiyon to 4.1 SP7 patch1. But issue is still staying. Do you have any other suggestion?

    Thank you.

    Sinan

    Add comment
    10|10000 characters needed characters exceeded

  • Mar 25 at 02:54 PM

    Hello Tim,

    i created trace file and find below logs. we are getting below error message while running authentication plugin

    Failed: 1332, Error 1332: No mapping between account names and security IDs was done.


    |8fd1e309-1aaf-fd24-5b50-c97ac2e1aa5c|2019 03 22 23:35:15:925|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::BindIADs() called with a path of CN=USERGROUP,OU=Dist Lists,OU=Resource,DC=xxx,DC=xxxx
    .\ad_acct_entity.cpp:2683:-: TraceLog message 1002946
    |0e2015ab-c2d4-90a4-496d-e9465f23da61|2019 03 22 23:35:15:926|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::BindIADs() -- Trying to bind to DC of domain domain
    .\ADNetworkBinding.cpp:573:-: TraceLog message 1002947
    |2fdd6a13-e805-1754-d969-9fac276cf67b|2019 03 22 23:35:15:926|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::BindIADsToDomainController() -- called with a path of CN=USERGROUP,OU=Dist Lists,OU=Resource,DC=domain,DC=local
    .\ADNetworkBinding.cpp:703:-: TraceLog message 1002948
    |92c1a8bb-ac89-4054-7833-7b9fc4252c07|2019 03 22 23:35:15:926|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::GetDomainController() -- Looking up DC for domain (FQDN)
    .\ADNetworkBinding.cpp:788:-: TraceLog message 1002949
    |22705007-183f-d494-a982-656d1c1bb1b1|2019 03 22 23:35:15:927|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::GetDomainController() -- Local site: 09-OPC, DC's site: 09-OPC
    .\ADNetworkBinding.cpp:821:-: TraceLog message 1002950
    |39c9452a-500f-28a4-c9aa-f22a6421220e|2019 03 22 23:35:15:927|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::GetDomainController() -- DC for domain is domaincontroller.local
    .\ADNetworkBinding.cpp:640:-: TraceLog message 1002951
    |c047b458-dcaf-66b4-3b26-df5e162d8721|2019 03 22 23:35:15:928|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::BindIADsToDomainController() -- Binding to domain controller with LDAP://domaincontroller.local/CN=USERGROUP,OU=Dist Lists,OU=Resource,DC=domain,DC=local -- hr=0
    .\ADNetworkBinding.cpp:644:-: TraceLog message 1002952
    |dbb7cd62-f61e-6b94-4a73-80499a0348ac|2019 03 22 23:35:15:928|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::BindIADsToDomainController() -- o_swDomainController set to domaincontroller.local
    .\ADAccountFactory.cpp:460:-: TraceLog message 1002953
    |0cbe2a2c-3489-83d4-a993-1cd85399fc56|2019 03 22 23:35:15:935|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::AddToCache() -- Called for object of type 2
    .\ADAccountFactory.cpp:491:-: TraceLog message 1002954
    |bd8028af-f482-8784-ba97-36f65cec7e97|2019 03 22 23:35:15:935|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::AddToCache() -- Added CN=USERGROUP,OU=Dist Lists,OU=Resource,DC=domain,DC=local to cache.
    .\ad_impl.cpp:1926:-: TraceLog message 1002955
    |98b85d88-ddac-7fd4-d8be-4f5b1fd35f15|2019 03 22 23:35:15:935|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CADImpl::GetGroupId() -----------------------------------------------------------
    .\ADAccountFactory.cpp:46:-: TraceLog message 1002956
    |bc37d6ab-ef0d-b4b4-0a90-5e852c74d146|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetAccount() called for S-1-5-21-1677146410-562372274-643713613-1060807
    .\ADAccountFactory.cpp:393:-: TraceLog message 1002957
    |3bc825a0-3b38-86a4-7a95-409b5a8d9ec7|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetFromNT() -- Called for S-1-5-21-1677146410-562372274-643713613-1060807
    .\ad_acct_entity.cpp:3886:-: TraceLog message 1002958
    |18e33ac4-846a-4f74-898d-5c2d2343a58c|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::ConvertDomainToNTFormat() -- Looking up DOMAIN
    .\ad_acct_entity.cpp:3893:-: TraceLog message 1002959
    |029c9eff-a37f-62c4-e8a5-b2052756c400|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::ConvertDomainToNTFormat() -- DOMAIN is already in NT format.
    .\ad_acct_entity.cpp:418:-: TraceLog message 1002960
    |cf96750e-bab8-2724-d939-6175ecaa6ed8|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::InitFromNTName -- Looking up DOMAIN\S-1-5-21-1677146410-562372274-643713613-1060807
    .\ad_acct_entity.cpp:455:-: TraceLog message 1002961
    |933d4097-0baf-4d84-ba40-a1cfcc60c42c|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::InitFromNTName() -- LookupAccountName() Failed: 1332, Error 1332: No mapping between account names and security IDs was done.
    .\ADAccountFactory.cpp:408:-: TraceLog message 1002962
    |1abd84fc-ee9e-90a4-c870-f224ca1e179e|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetFromNT() -- Could not initialize account.
    .\ADAccountFactory.cpp:46:-: TraceLog message 1002963
    |07b30909-1e09-d144-cb37-c8d0c823e5e3|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetAccount() called for S-1-5-21-1677146410-562372274-643713613-1060807
    .\ADAccountFactory.cpp:249:-: TraceLog message 1002964
    |57ab62e5-b35c-eb24-aab2-2d1994ddb6fa|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetFromSid() -- Sid not found in cache: S-1-5-21-1677146410-562372274-643713613-1060807
    .\ad_acct_entity.cpp:2857:-: TraceLog message 1002965
    |07daf897-961f-7ef4-09f9-e07b439a86eb|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::BindIADsToLDAPFromSid() -- called with a sid of S-1-5-21-1677146410-562372274-643713613-1060807
    .\ad_acct_entity.cpp:3340:-: TraceLog message 1002966


    error log

    Add comment
    10|10000 characters needed characters exceeded

  • Mar 27 at 04:56 PM

    That's actually not an error it's seen when everything works as well RE: "Failed: 1332, Error 1332: No mapping between account names and security IDs was done"

    I'd remove your domain name from the above logs if you can edit the post. I don't see any particular mapping failures in your log. Look up "UserReloadThread: fetch" or just "UserReloadThread" that thread shows the results, else errors of failed mapping are usually something along the lines of domain or SID not found...

    -Tim

    Add comment
    10|10000 characters needed characters exceeded