on 04-05-2011 7:10 AM
I have a CR2008 V1 System, now with SP3 installed, running on a Windows Server 2008 x32 SP2 System. I can log on using Enterprise Authentication, but cannot get any users account to log in using Windows AD Authentication. The CMC shows that the AD Module is Updating, and minor changes in a Test User(change of OU) is reflected in the Alias shown, but the system will not recognise the AD login.
A strange thing is that when I went through Tim Ziemba's excellent White Paper and followed the steps, I got to run kinit (Username) and found that the system was looking for a c:\WINNT folder to find krb5.ini and bslogin.conf. Since this folder does not exist in Windows Server 2008, I even created it and copied these files in, but when I enter kinit (Username), I now get a password prompt, but on entering the password, I get the following:
C:\Program Files\Business Objects\javasdk\bin>kinit (Username here) --- Actual Value replaced
Password for(Username)@DOMAIN.COM.AU:(Password here) ---Actual Value replaced
Exception: krb_error 24 Pre-authentication information was invalid (24) Pre-auth
entication information was invalid
KrbException: Pre-authentication information was invalid (24)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:486)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:444)
at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:310)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:259)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106)
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
... 5 more
Since contacting SAP Support is like waiting for the next Comet to arrive, I wonder if anyone here has any helpful ideas?
Try the DOMAIN\username syntax not username(at)DOMAIN .
Regards,
Stratos
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Stratos, but I am now past that. One of my test users was actually corrupted in some way, so when I recreated the use, the problem disappeared. The problem seems to be that while we can log in using any valid user to Business View Manager, we cannot log in to CMC, Infoview or Java Infoview using AD credentials. As a test, I moved one of the test users to another OU and verified that its details get updated in the user list, so I believe that the problem lies in the interaction between IIS7 on WS2008 and CRS2008V1. I was told by Support on one of my rare calls back that I needed to install SP3, which I did after much drama, only to find that this changed nothing except the logo on the portal.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.