SAP Knowledge Base Article - Preview

1665526 - Users outside of the Default AD forest cannot login to Business Objects Client tools

Symptom

    • When a user from outside the default AD forest attempts to login to CCM>Manage Servers as DOMAIN\username they get the following error: "Internal error"
    • The same user receives the following error in the WEBI Rich Client: Logon failure due to an internal error.
    • The same user receives the following error in the Universe Designer: Your login ID is not valid. 

                                                                                                      [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Internal error.(hr=#0x80042a01)

Note: Users from the default domain or default forest are successfully able to login to CCM>Manage Servers and all the other client tools.

 

Wireshark capture on the CMS box while a user from remote forest attempts to login to CCM>Manage Servers shows the following error:

2510 32.887111 10.97.34.82 10.97.54.243 KRB5 KRB Error: KRB5KDC_ERR_POLICY NT Status: Unknown error code 0xc0000413

MSG Type: KRB-ERROR (30); error_code: KRB5KDC_ERR_POLICY (12)

CMS trace shows the following:

2011/10/13 22:20:37.140|==| | |12200| 700| |||||||||||||||WinAD: AcceptKerbLogin returned DENIED

2011/10/13 22:20:37.140|==| | |12200| 700| |||||||||||||||WinAD: AcceptKerbLogin failed: 3

2011/10/13 22:20:37.140|==| | |12200| 700| |||||||||||||||WinAD: AcceptKerbLogin() failed with code 3

 


Read more...

Environment

SAP Business Objects Enterprise XI 3.1

Multiple Active Directory Forests

Product

SAP BusinessObjects Enterprise XI 3.1

Keywords

Internal error ccm manage servers windows ad , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.