cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Windwos AD plugin in Business Objects does not update recent usergroups

former_member295311
Explorer

on ‎12-21-2018 9:42 AM

0 Kudos

Hello,

we are using SAP Business Objects 4.1 SP4 on Windows Server 2008 r2 machine. there is only one standalone installation, no clustered one.

we are synchronizing users from Windows Active Directory. all things was working fine in months ago. now, Windows AD plugin could not getting updated/Appeared in CMC >> Users and groups.

we tried lots of things

- delete recent windows ad aliases and create again and all neccessary usergroups defining on user properties.

-User was already part of other group. We checked member of but new group was not assigned.

-We deleted all the groups and deleted Windows AD alias. We again assigned Windows AD alias and all required groups got assigned in member of section of user properties.

-Checked the groups are security groups (global, local, universal) not distribution groups as per KBA: 2028868 - Mapped AD group(s) no longer displays some or all of the users

-CMS restarted as well.

users can login the system wirh secWinAD authentication and can work normally.

can anybody help us

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

BasicTek
Advisor
Advisor
‎03-27-2019 4:56 PM
0 Kudos

That's actually not an error it's seen when everything works as well RE: "Failed: 1332, Error 1332: No mapping between account names and security IDs was done"

I'd remove your domain name from the above logs if you can edit the post. I don't see any particular mapping failures in your log. Look up "UserReloadThread: fetch" or just "UserReloadThread" that thread shows the results, else errors of failed mapping are usually something along the lines of domain or SID not found...

-Tim

Show replies
Show replies
former_member295311
Explorer
‎03-25-2019 2:54 PM
0 Kudos

Hello Tim,

i created trace file and find below logs. we are getting below error message while running authentication plugin

Failed: 1332, Error 1332: No mapping between account names and security IDs was done.


|8fd1e309-1aaf-fd24-5b50-c97ac2e1aa5c|2019 03 22 23:35:15:925|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::BindIADs() called with a path of CN=USERGROUP,OU=Dist Lists,OU=Resource,DC=xxx,DC=xxxx
.\ad_acct_entity.cpp:2683:-: TraceLog message 1002946
|0e2015ab-c2d4-90a4-496d-e9465f23da61|2019 03 22 23:35:15:926|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::BindIADs() -- Trying to bind to DC of domain domain
.\ADNetworkBinding.cpp:573:-: TraceLog message 1002947
|2fdd6a13-e805-1754-d969-9fac276cf67b|2019 03 22 23:35:15:926|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::BindIADsToDomainController() -- called with a path of CN=USERGROUP,OU=Dist Lists,OU=Resource,DC=domain,DC=local
.\ADNetworkBinding.cpp:703:-: TraceLog message 1002948
|92c1a8bb-ac89-4054-7833-7b9fc4252c07|2019 03 22 23:35:15:926|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::GetDomainController() -- Looking up DC for domain (FQDN)
.\ADNetworkBinding.cpp:788:-: TraceLog message 1002949
|22705007-183f-d494-a982-656d1c1bb1b1|2019 03 22 23:35:15:927|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::GetDomainController() -- Local site: 09-OPC, DC's site: 09-OPC
.\ADNetworkBinding.cpp:821:-: TraceLog message 1002950
|39c9452a-500f-28a4-c9aa-f22a6421220e|2019 03 22 23:35:15:927|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::GetDomainController() -- DC for domain is domaincontroller.local
.\ADNetworkBinding.cpp:640:-: TraceLog message 1002951
|c047b458-dcaf-66b4-3b26-df5e162d8721|2019 03 22 23:35:15:928|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::BindIADsToDomainController() -- Binding to domain controller with LDAP://domaincontroller.local/CN=USERGROUP,OU=Dist Lists,OU=Resource,DC=domain,DC=local -- hr=0
.\ADNetworkBinding.cpp:644:-: TraceLog message 1002952
|dbb7cd62-f61e-6b94-4a73-80499a0348ac|2019 03 22 23:35:15:928|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADNetworkBinding::BindIADsToDomainController() -- o_swDomainController set to domaincontroller.local
.\ADAccountFactory.cpp:460:-: TraceLog message 1002953
|0cbe2a2c-3489-83d4-a993-1cd85399fc56|2019 03 22 23:35:15:935|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::AddToCache() -- Called for object of type 2
.\ADAccountFactory.cpp:491:-: TraceLog message 1002954
|bd8028af-f482-8784-ba97-36f65cec7e97|2019 03 22 23:35:15:935|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::AddToCache() -- Added CN=USERGROUP,OU=Dist Lists,OU=Resource,DC=domain,DC=local to cache.
.\ad_impl.cpp:1926:-: TraceLog message 1002955
|98b85d88-ddac-7fd4-d8be-4f5b1fd35f15|2019 03 22 23:35:15:935|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CADImpl::GetGroupId() -----------------------------------------------------------
.\ADAccountFactory.cpp:46:-: TraceLog message 1002956
|bc37d6ab-ef0d-b4b4-0a90-5e852c74d146|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetAccount() called for S-1-5-21-1677146410-562372274-643713613-1060807
.\ADAccountFactory.cpp:393:-: TraceLog message 1002957
|3bc825a0-3b38-86a4-7a95-409b5a8d9ec7|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetFromNT() -- Called for S-1-5-21-1677146410-562372274-643713613-1060807
.\ad_acct_entity.cpp:3886:-: TraceLog message 1002958
|18e33ac4-846a-4f74-898d-5c2d2343a58c|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::ConvertDomainToNTFormat() -- Looking up DOMAIN
.\ad_acct_entity.cpp:3893:-: TraceLog message 1002959
|029c9eff-a37f-62c4-e8a5-b2052756c400|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::ConvertDomainToNTFormat() -- DOMAIN is already in NT format.
.\ad_acct_entity.cpp:418:-: TraceLog message 1002960
|cf96750e-bab8-2724-d939-6175ecaa6ed8|2019 03 22 23:35:15:961|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::InitFromNTName -- Looking up DOMAIN\S-1-5-21-1677146410-562372274-643713613-1060807
.\ad_acct_entity.cpp:455:-: TraceLog message 1002961
|933d4097-0baf-4d84-ba40-a1cfcc60c42c|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::InitFromNTName() -- LookupAccountName() Failed: 1332, Error 1332: No mapping between account names and security IDs was done.
.\ADAccountFactory.cpp:408:-: TraceLog message 1002962
|1abd84fc-ee9e-90a4-c870-f224ca1e179e|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetFromNT() -- Could not initialize account.
.\ADAccountFactory.cpp:46:-: TraceLog message 1002963
|07b30909-1e09-d144-cb37-c8d0c823e5e3|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetAccount() called for S-1-5-21-1677146410-562372274-643713613-1060807
.\ADAccountFactory.cpp:249:-: TraceLog message 1002964
|57ab62e5-b35c-eb24-aab2-2d1994ddb6fa|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: ADAccountFactory::GetFromSid() -- Sid not found in cache: S-1-5-21-1677146410-562372274-643713613-1060807
.\ad_acct_entity.cpp:2857:-: TraceLog message 1002965
|07daf897-961f-7ef4-09f9-e07b439a86eb|2019 03 22 23:35:15:974|+0300|Information| |==| | |cms_server.CentralManagementServer1|46968|30968|| |22|4|2|4|CMC.WebApp|wasserver:4176:9956.364431:1|BIPSDK.InfoStore:commit|wasserver:4176:9956.364431:9|cms_server.CentralManagementServer1.commitEx4|localhost:46968:30968.19634:1|Cg7KB3l.j0ouiVuVup1euQc58f8d|||||||||||WINAD: CAccountEntity::BindIADsToLDAPFromSid() -- called with a sid of S-1-5-21-1677146410-562372274-643713613-1060807
.\ad_acct_entity.cpp:3340:-: TraceLog message 1002966


error log

Show replies
Show replies
former_member295311
Explorer
‎02-16-2019 10:06 AM
0 Kudos

Hello Tim,

We upgraded our versiyon to 4.1 SP7 patch1. But issue is still staying. Do you have any other suggestion?

Thank you.

Sinan

Show replies
Show replies
BasicTek
Advisor
Advisor
‎02-19-2019 8:37 PM
0 Kudos

you may need to clean out anything that was leftover. Without CMS logging it's hard to tell if the issue is current or leftover from the patch. KBA https://apps.support.sap.com/sap/support/knowledge/preview/en/2543957 can help with the logging

former_member295311
Explorer
‎12-21-2018 2:03 PM
0 Kudos

Hello Tim,

thanks four your quick response. Our exact problem is,

1. UserA still exist in BI which is already mapped in GroupA.

2. We are mapping new user group GroupB in CMC >>Authentication>>WinAD. UserA also member of GroupB in Windows Active Directory side.

3. GroupB is created without any user in BO by Winad Pluging with scheduled task or manuel update.

4. After deleting UserA WinAd alliases from user properties and creating new one for WindowsAD, then appearing GroupB on UserA.

Show replies
Show replies
BasicTek
Advisor
Advisor
‎12-21-2018 6:53 PM
0 Kudos

That is one of the symptoms of the note I referenced 2118522

BasicTek
Advisor
Advisor
‎12-21-2018 1:45 PM
0 Kudos

I'm not clear on your issue, if users can login then they are already mapped in successfully. Is the issue that the users are not members of the proper groups? There was an issue back near your version where if any empty groups were queried then updates would fail, you will need to logon to launchpad and check SAP note 2118522. This can be worked around by removing any empty groups and was fixed in 4.1 SP6

-Tim

Show replies
Show replies
Ask a Question