Upload
ryer-sonian
View
247
Download
7
Embed Size (px)
DESCRIPTION
bo solution
Citation preview
SAP Knowledge Base Article
Symptom
l Receiving invalid SID error when scheduling AD updates or updating manually l CMS trace has errors like l CouldnotlocateaDCfordomain(domainname)ordomaindoesnotexist. l Error getting a DC for the sid l The secWinAD plugin failed to look up the account for the group "Group SID". Please enter non-local groups as DomainName\GroupName
and local groups as \\ServerName\GroupName.) while trying to retrieve info for group: "group SID" l Failed:1332,Error1332:NomappingbetweenaccountnamesandsecurityIDswasdone. l assert failure: (.\ad_acct_entity.cpp:152). (false : WINAD: CAccountEntity::InitFromSid() -- BindIADsToLDAPFromSid hr=-2147467259).
Environment
SAP BusinessObjects Business Intelligence Platform 4.0 Support Pack 6
Reproducing the Issue
Requires AD to be configured for 2 or more forests. Local forest and domains do not seem to be affected
Cause
Currently this issue appears to be related to a fix from ADAPT01545484
Resolution
l If not scheduling AD updates this issue seems to occur less often and maybe not at all, however this is not a valid work around as updates are needed in BI 4.0
l The developer created an executable that called the Microsoft API to search for the customers DC outside of the SAP code, it had the same results indicating the issue was external to BI despite the symptoms above.
l The customer never responded back to explain what environmental issue caused the failures so both the customer incident and ADAPT were closed with known cause of the problem. The issue was serious and production affecting so it is assumed that once we isolated the issue to being outside SAP the customer was able to resolve with the help of their internal AD tram or Microsoft.
l This KBA will be updated as new information is found. while this problem was found in BI 4.0 SP6 it can be assumed any SAP BI products mayseesimilarbehaviorbecausethebehaviorwasanenvironmentalthatwasoccurringoutsidetheSAPproducts.
See Also
The symptoms of this problem are very similar to the one in KBA1609510ProblemswithADuserswhenmappinggroupsthatexistinmultipleforests or domainsexcepttheyhappenonBIserversthatalreadyhaveapatchinstalledthatworksaroundthatMicrosoftissueandthesidhistorywas not duplicating existing sids
Keywords
zie SSO single sign on sign-on automatic logon multiple forests
Header Data
Product
1886178 - Intermittent failures with AD groups in remote forest after applying SP6 on BI 4.0
Version 4 Validity: 30.06.2014 - active Language English
Released On 30.06.2014 15:04:26 Release Status Released to Customer Component BI-BIP-AUT Authentication, ActiveDirectory, LDAP, SSO, Vintela Priority Normal Category Problem
Product Product Version
SAP BusinessObjects Business Intelligence platform SAP BusinessObjects Business Intelligence platform 4.0
References
This document refers to:
SAP Knowledge Base Articles 1609510 Problems with AD users when mapping groups that exist in multiple forests or domains