- SAP Managed Tags
I'm posting this here because I have not found this documented anywhere, so others might find it useful.
The scenario is as follows: an OLAP connection is created to a BW system, and can be confirmed to work via the CMC (using "Choose cube") or via WebI Desktop. However, when one tries to use the browser-based WebI, the error below is thrown:
This error has several causes apparently, judging from Notes 2088944 and 2062091. In these cases, the cause is a symbol in the password of the BW account. That was not the case here, as the password did not contain any symbols. Other notes suggested a BW password change may cause this as well, because the relevant APS server caches the password originally used and the new one is not forwarded to BW. We have had that very same issue just hours before a Demo and that can ruin your day . Another cause to check is authorisation in both BW (of the BW account to the cube) and BI (authorisation of the user to the OLAP connection).
Now back to the issue at hand. The logs will "help" you. The WebI processing server GLF will claim that the "password logon is no longer possible" because of "too many failed attempts" on the BW server:
Well, you know the password works, there is no authorisation issue on either sides, no symbols in the BW password, so what is wrong? Another note will suggest restarting servers, SIA and even re-creating APS servers when the BW password is changed. We tried all that, but in this case, the password had not changed, so re-creating servers, etc., did not help.
In the end, the problem is that there was an invalid configuration for SAP authentication in the area CMC > Authentication > SAP. An invalid "Entitlement Systems" entry was for some reason causing the problem. When clicking on the tab "Role Import", the same error "too many attempts" would be thrown.
Interestingly, all OLAP connections were using Pre-defined Authentication (not SSO), so one would think SSO SAP authentication would not affect these connections. Well, think again.
Solution: in the end, we just removed the offending SAP Entitlement records (there were two), restarted the APS and WebI processing servers, and the connection works. Hope this will help someone.
Accepted Solutions (0)
Answers (3)
Hi Balaji,
That is precisely the point, I was hoping that these two authentication areas (connection to BW and sap sso) would work independently when not using the connection in SSO, given that one has a choice of using SSO when setting up that connection:
In our case, the faulty sap sso (entitlement) configuration was preventing connections configured as Pre-defined. It would be expected if this was happening for SSO connections, but the error happened when using Enterprise accounts and Pre-defined connections, and this seems to be a bug.
To answer your query more specifically, I expect you should be able to have different SAP IDs for your entitlement system and for Pre-defined OLAP connections, because that seems to be the point of allowing the Pre-defined option. However, what we observed here was that a problematic sso configuration was having an unexpected effect on the (Pre-defined) OLAP connections, so I cannot guarantee that the expectation would be confirmed. In our case, we deleted the entitlement system configuration because we don't need sap sso, and that is when the OLAP connections started working again.
Hi Josh,
Your politeness is acknowledged and appreciated. It is a rare virtue in forums like these. I understand you are trying to understand the problem rather than proving me wrong = )
I have consistently used the "Administrator" account as the BI account for all tests, so the authentication was forcibly always "Enterprise". The SSO to SAP was not working or used at the time of the tests. In fact, no SSO at all (LDAP, AD, nothing is configured here).
The account used in the OLAP connections was different from the one used in the Entitlement System. Moreover, one can successfully connect to BW (SAP GUI) using the SAP account details.
After your comments, I tried to re-create the problem by setting up an Entitlement system with a bad password and I too could not replicate the problem. Until I restarted the SIA with that Entitlement system in place (still with a bad password). Now the good old error is back.
To make sure you can replicate exactly what I see here, below follow the steps I took:
1. Version: BI 4.1 SP05 no FP on Windows;
2. Create a new Entitlement System as below and save it (update)
3. Click on Role Import and check that it shows the error below:
4. Restart SIA/Tomcat;
5. Try creating a new (web-based) WebI on a BEx query/OLAP connection and get the error below:
The screenshot included the timestamp from the Java console so as to confirm I have just been able to re-create it following the steps above.
Note: the same connection will work if one uses the desktop version of WebI (Rich Client).
Regards,
Francisco
Bluesky| User | Count |
|---|---|
| 18 | |
| 7 | |
| 6 | |
| 6 | |
| 6 | |
| 4 | |
| 3 | |
| 3 | |
| 2 | |
| 2 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.