Hi all,
we are experiencing some problems in the set-up of Windows AD logon on BI 4.1 SP6.
We followed the steps as described in the very helpfull document of Sandeep Chandran on SCN.
Here are the steps followed in short:
1. Service account created
2. Setspn
3. CMC setup
4. Stop SIA and make changes to System account from SIA properties
5. Created Krb and bcslogin files under Windows
6. run kinit service ==>successful
7. login to WebiRichClient on server with Windows AD Account ==> succesful
8. Stop Tomcat-->Navigate to BOE under Tommcat. (Tomcat7->Webapps->BOE->WEB-INF->config->custom)
created files for BIlaunchpad
authentication.visible=true
authentication.visible=true
authentication.default=secWinAD
9. Tomcat Configuration --Java-->
-Djava.security.auth.login.config=c:\windows\bsclogin.conf
-Djava.security.krb5.conf=c:\windows\krb5.ini
10. start Tomcat + login to /BOE/BI --> appearance of authentication and authentication method are visible and executed correctly.
However when we now log on, both on BOE/BI as on BOE/CMC, with the identical user as we did in the verification in step 7 we get following error message:
"Account information not recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)"
Unchecking the Enable Single Sign-On (SSO) for the selected authentication mode didn't help as suggested in another post.
Is there something we are missing in the installation? Does the communication with the Domain controller via Java uses a different port than the communication with the WebiRichClient?
We hope that someone can help us out in getting over this last hurdle.
Thanks in advance!