Domain User can be added to BPC by administrator but cannot access BPC

Former Member
0 Kudos

Dear experts,

We have set up BPC 7.5 NW SP09 with users from Active Directory. It is possible in BPC Administration to access the Active Directory domain and add the relevant user. When this user then tries to log on to BPC, he gets the error message 'The user ID, password or Domain cannot be authenticated.' He can log on with his normal ID and password after we also added him as an administrator on the local Windows server where the BPC-Web component is installed.

We already went through SAP Notes 1422163 and 1381073.

Does any of you have a good idea? How is the communication between BPC and Active Directory set up? Do the system users (BPC_ADMIN, _SYSADMIN, _USER) have to be part of the Active Directory?

Thanks and best regards

Felix

Accepted Solutions (1)

Former Member
0 Kudos

Hi Felix,

As far as I know, <domain>\BPC_SYSADMIN needs to have enough privileges to browse the AD, and it also needs to be a local Administrator.

As you managed to add new users to BPC I assume you have it set correctly.

What you might also do to prevent this issue is add the Domain users to this server.

I believe they don't need to be Administrators.

Regards,

Marcelo

Former Member
0 Kudos

Hi Marcelo,

Thank you. I think it could be because our BPC_SYSADMIN is not a user in our AD. The strange thing is that we still see the domain users in BPC, but after we added them they cannot access BPC.

I already tried to add the AD users as local users on the Windows server, but only when they are administrators there is it possible to log on. Very strange.

Thank you and best regards

Felix

Former Member
0 Kudos

Hi Felix,

Is BPC_SYSADMIN a local user or part of another domain?

If it's a member of another AD, you have to ensure that there is a trust relationship between both ADs.

The following was extracted from the Security Guide found at HELP@SAP (http://help.sap.com/bopacnw75):

We recommend that all users come from a single domain.

We recommend that all users have access to the domain the server is on. If they do not have direct access, the domain must be trusted between the server and user domain.

The installation user must have rights to browse the users from all user domains.

Regards,

Marcelo

Answers (1)

Former Member
0 Kudos

Dear Marcelo,

Our BPC_SYSADMIN is part of the local Windows server (no other domain). The installation user is my personal AD user, so it should have sufficient rights to browse the AD.

I will check with my AD admins whether there are some issues with the trust relationship between the local Windows server and our AD domain server.

Furthermore, we have quite a complex domain structure with a lot of different trees and about 12.000 users. Maybe we could also have an issue there?

Thank you and best regards

Felix