2
SAP Knowledge Base Article Symptom l Receiving invalid SID error when scheduling AD updates or updating manually l CMS trace has errors like l Could not locate a DC for domain (domain name) or domain does not exist. l Error getting a DC for the sid l The secWinAD plugin failed to look up the account for the group "Group SID". Please enter non-local groups as DomainName\GroupName and local groups as \\ServerName\GroupName .) while trying to retrieve info for group: "group SID" l Failed: 1332, Error 1332: No mapping between account names and security IDs was done. l assert failure: (.\ad_acct_entity.cpp:152). (false : WINAD: CAccountEntity::InitFromSid() -- BindIADsToLDAPFromSid hr=-2147467259). Environment SAP BusinessObjects Business Intelligence Platform 4.0 Support Pack 6 Reproducing the Issue Requires AD to be configured for 2 or more forests. Local forest and domains do not seem to be affected Cause Currently this issue appears to be related to a fix from ADAPT01545484 Resolution l If not scheduling AD updates this issue seems to occur less often and maybe not at all, however this is not a valid work around as updates are needed in BI 4.0 l The developer created an executable that called the Microsoft API to search for the customers DC outside of the SAP code, it had the same results indicating the issue was external to BI despite the symptoms above. l The customer never responded back to explain what environmental issue caused the failures so both the customer incident and ADAPT were closed with known cause of the problem. The issue was serious and production affecting so it is assumed that once we isolated the issue to being outside SAP the customer was able to resolve with the help of their internal AD tram or Microsoft. l This KBA will be updated as new information is found. while this problem was found in BI 4.0 SP6 it can be assumed any SAP BI products may see similar behavior because the behavior was an environmental that was occurring outside the SAP products. See Also The symptoms of this problem are very similar to the one in KBA 1609510 Problems with AD users when mapping groups that exist in multiple forests or domains except they happen on BI servers that already have a patch installed that works around that Microsoft issue and the sidhistory was not duplicating existing sids Keywords zie SSO single sign on sign-on automatic logon multiple forests Header Data Product 1886178 - Intermittent failures with AD groups in remote forest after applying SP6 on BI 4.0 Version 4 Validity: 30.06.2014 - active Language English Released On 30.06.2014 15:04:26 Release Status Released to Customer Component BI-BIP-AUT Authentication, ActiveDirectory, LDAP, SSO, Vintela Priority Normal Category Problem Product Product Version SAP BusinessObjects Business Intelligence platform SAP BusinessObjects Business Intelligence platform 4.0

0001886178

Embed Size (px)

DESCRIPTION

bo solution

Citation preview

  • SAP Knowledge Base Article

    Symptom

    l Receiving invalid SID error when scheduling AD updates or updating manually l CMS trace has errors like l CouldnotlocateaDCfordomain(domainname)ordomaindoesnotexist. l Error getting a DC for the sid l The secWinAD plugin failed to look up the account for the group "Group SID". Please enter non-local groups as DomainName\GroupName

    and local groups as \\ServerName\GroupName.) while trying to retrieve info for group: "group SID" l Failed:1332,Error1332:NomappingbetweenaccountnamesandsecurityIDswasdone. l assert failure: (.\ad_acct_entity.cpp:152). (false : WINAD: CAccountEntity::InitFromSid() -- BindIADsToLDAPFromSid hr=-2147467259).

    Environment

    SAP BusinessObjects Business Intelligence Platform 4.0 Support Pack 6

    Reproducing the Issue

    Requires AD to be configured for 2 or more forests. Local forest and domains do not seem to be affected

    Cause

    Currently this issue appears to be related to a fix from ADAPT01545484

    Resolution

    l If not scheduling AD updates this issue seems to occur less often and maybe not at all, however this is not a valid work around as updates are needed in BI 4.0

    l The developer created an executable that called the Microsoft API to search for the customers DC outside of the SAP code, it had the same results indicating the issue was external to BI despite the symptoms above.

    l The customer never responded back to explain what environmental issue caused the failures so both the customer incident and ADAPT were closed with known cause of the problem. The issue was serious and production affecting so it is assumed that once we isolated the issue to being outside SAP the customer was able to resolve with the help of their internal AD tram or Microsoft.

    l This KBA will be updated as new information is found. while this problem was found in BI 4.0 SP6 it can be assumed any SAP BI products mayseesimilarbehaviorbecausethebehaviorwasanenvironmentalthatwasoccurringoutsidetheSAPproducts.

    See Also

    The symptoms of this problem are very similar to the one in KBA1609510ProblemswithADuserswhenmappinggroupsthatexistinmultipleforests or domainsexcepttheyhappenonBIserversthatalreadyhaveapatchinstalledthatworksaroundthatMicrosoftissueandthesidhistorywas not duplicating existing sids

    Keywords

    zie SSO single sign on sign-on automatic logon multiple forests

    Header Data

    Product

    1886178 - Intermittent failures with AD groups in remote forest after applying SP6 on BI 4.0

    Version 4 Validity: 30.06.2014 - active Language English

    Released On 30.06.2014 15:04:26 Release Status Released to Customer Component BI-BIP-AUT Authentication, ActiveDirectory, LDAP, SSO, Vintela Priority Normal Category Problem

    Product Product Version

    SAP BusinessObjects Business Intelligence platform SAP BusinessObjects Business Intelligence platform 4.0

  • References

    This document refers to:

    SAP Knowledge Base Articles 1609510 Problems with AD users when mapping groups that exist in multiple forests or domains