2
SAP Knowledge Base Article Symptom l Receiving invalid SID error when scheduling AD updates or updating manually l CMS trace has errors like l Could not locate a DC for domain (domain name) or domain does not exist. l Error getting a DC for the sid l The secWinAD plugin failed to look up the account for the group "Group SID". Please enter non-local groups as DomainName\GroupName and local groups as \\ServerName\GroupName .) while trying to retrieve info for group: "group SID" l Failed: 1332, Error 1332: No mapping between account names and security IDs was done. l assert failure: (.\ad_acct_entity.cpp:152). (false : WINAD: CAccountEntity::InitFromSid() -- BindIADsToLDAPFromSid hr=-2147467259). Environment SAP BusinessObjects Business Intelligence Platform 4.0 Support Pack 6 Reproducing the Issue Requires AD to be configured for 2 or more forests. Local forest and domains do not seem to be affected Cause Currently this issue appears to be related to a fix from ADAPT01545484 Resolution l If not scheduling AD updates this issue seems to occur less often and maybe not at all, however this is not a valid work around as updates are needed in BI 4.0 l The developer created an executable that called the Microsoft API to search for the customers DC outside of the SAP code, it had the same results indicating the issue was external to BI despite the symptoms above. l The customer never responded back to explain what environmental issue caused the failures so both the customer incident and ADAPT were closed with known cause of the problem. The issue was serious and production affecting so it is assumed that once we isolated the issue to being outside SAP the customer was able to resolve with the help of their internal AD tram or Microsoft. l This KBA will be updated as new information is found. while this problem was found in BI 4.0 SP6 it can be assumed any SAP BI products may see similar behavior because the behavior was an environmental that was occurring outside the SAP products. See Also The symptoms of this problem are very similar to the one in KBA 1609510 Problems with AD users when mapping groups that exist in multiple forests or domains except they happen on BI servers that already have a patch installed that works around that Microsoft issue and the sidhistory was not duplicating existing sids Keywords zie SSO single sign on sign-on automatic logon multiple forests Header Data Product 1886178 - Intermittent failures with AD groups in remote forest after applying SP6 on BI 4.0 Version 4 Validity: 30.06.2014 - active Language English Released On 30.06.2014 15:04:26 Release Status Released to Customer Component BI-BIP-AUT Authentication, ActiveDirectory, LDAP, SSO, Vintela Priority Normal Category Problem Product Product Version SAP BusinessObjects Business Intelligence platform SAP BusinessObjects Business Intelligence platform 4.0

0001886178

Embed Size (px)

DESCRIPTION

bo solution

Citation preview

  • SAP Knowledge Base Article

    Symptom

    l Receiving invalid SID error when scheduling AD updates or updating manually l CMS trace has errors like l CouldnotlocateaDCfordomain(domainname)ordomaindoesnotexist. l Error getting a DC for the sid l The secWinAD plugin failed to look up the account for the group "Group SID". Please enter non-local groups as DomainName\GroupName

    and local groups as \\ServerName\GroupName.) while trying to retrieve info for group: "group SID" l Failed:1332,Error1332:NomappingbetweenaccountnamesandsecurityIDswasdone. l assert failure: (.\ad_acct_entity.cpp:152). (false : WINAD: CAccountEntity::InitFromSid() -- BindIADsToLDAPFromSid hr=-2147467259).

    Environment

    SAP BusinessObjects Business Intelligence Platform 4.0 Support Pack 6

    Reproducing the Issue

    Requires AD to be configured for 2 or more forests. Local forest and domains do not seem to be affected

    Cause

    Currently this issue appears to be related to a fix from ADAPT01545484

    Resolution

    l If not scheduling AD updates this issue seems to occur less often and maybe not at all, however this is not a valid work around as updates are needed in BI 4.0

    l The developer created an executable that called the Microsoft API to search for the customers DC outside of the SAP code, it had the same results indicating the issue was external to BI despite the symptoms above.

    l The customer never responded back to explain what environmental issue caused the failures so both the customer incident and ADAPT were closed with known cause of the problem. The issue was serious and production affecting so it is assumed that once we isolated the issue to being outside SAP the customer was able to resolve with the help of their internal AD tram or Microsoft.

    l This KBA will be updated as new information is found. while this problem was found in BI 4.0 SP6 it can be assumed any SAP BI products mayseesimilarbehaviorbecausethebehaviorwasanenvironmentalthatwasoccurringoutsidetheSAPproducts.

    See Also

    The symptoms of this problem are very similar to the one in KBA1609510ProblemswithADuserswhenmappinggroupsthatexistinmultipleforests or domainsexcepttheyhappenonBIserversthatalreadyhaveapatchinstalledthatworksaroundthatMicrosoftissueandthesidhistorywas not duplicating existing sids

    Keywords

    zie SSO single sign on sign-on automatic logon multiple forests

    Header Data

    Product

    1886178 - Intermittent failures with AD groups in remote forest after applying SP6 on BI 4.0

    Version 4 Validity: 30.06.2014 - active Language English

    Released On 30.06.2014 15:04:26 Release Status Released to Customer Component BI-BIP-AUT Authentication, ActiveDirectory, LDAP, SSO, Vintela Priority Normal Category Problem

    Product Product Version

    SAP BusinessObjects Business Intelligence platform SAP BusinessObjects Business Intelligence platform 4.0

  • References

    This document refers to:

    SAP Knowledge Base Articles 1609510 Problems with AD users when mapping groups that exist in multiple forests or domains


Fortran

Fortran

Documents
Simple Functions in Haskell

Simple Functions in Haskell

Documents
Compressing And Decompressing Folders

Compressing And Decompressing Folders

Documents
Heidegger Kritik

Heidegger Kritik

Documents
Star Wars Prequel Trilogy Trivia (Episodes I-III)

Star Wars Prequel Trilogy Trivia (Episodes I-III)

Documents
How Computer Keyboards Work

How Computer Keyboards Work

Documents
Daniel Zanella and Alexander Weygers

Daniel Zanella and Alexander Weygers

Documents
How Computer Monitors Work

How Computer Monitors Work

Documents
Life Is Just A Dream - Or Is It?

Life Is Just A Dream - Or Is It?

Documents
18 Tricks to Teach Your Body

18 Tricks to Teach Your Body

Documents
(Tesla) - The Tesla Magnetic Car Engine

(Tesla) - The Tesla Magnetic Car Engine

Documents
Bhagavad Gita

Bhagavad Gita

Documents
Cakes Recipes

Cakes Recipes

Documents
Chapter-01

Chapter-01

Documents
The Last Carnival I Ever Saw

The Last Carnival I Ever Saw

Documents
Rubik's cube solution

Rubik's cube solution

Documents
United States Constitution

United States Constitution

Documents
Algorithms

Algorithms

Documents
Introduction to Six Sigma

Introduction to Six Sigma

Documents
Iron Mills Essay

Iron Mills Essay

Documents
Basic Buffer Overflows Explained

Basic Buffer Overflows Explained

Documents
Bodybuilding - The Rock Hard Challenge (Month 1 Training)

Bodybuilding - The Rock Hard Challenge (Month 1 Training)

Documents
xCDC14a

xCDC14a

Documents
Venture Capital

Venture Capital

Documents
Disclaimer

Disclaimer

Documents
Star Wars Trivia!

Star Wars Trivia!

Documents
Do you admire Leonardo da Vinci?

Do you admire Leonardo da Vinci?

Documents
Oedipus The King: The Ideal Tragic Play

Oedipus The King: The Ideal Tragic Play

Documents
Aesops Fables

Aesops Fables

Documents
Keyboard Shortcuts for the Opera Browser for Mac OS X

Keyboard Shortcuts for the Opera Browser for Mac OS X

Documents