cancel
Showing results for 
Search instead for 
Did you mean: 

BusinessObjects 3.1 SP3 Windows AD authentication error (FWM 000005)

Former Member
0 Kudos
141

Changed SIA to use an AD user, instead of log on as system account. After change CMC still works, but unable to login to Infoview with any AD user profiles.

When SIA is running using the system account, everything works fine.

Here's the error when logging into Infoview

Account Information Not Recognized: The Active Directory Authentication plugin could not authenticate at this time. Please try again. If the problem persists, please contact your technical support department. (FWM 00005)

Enter your user information and click Log On.

(If you are unsure of your account information, contact your system administrator.)

Web application server is Webshere 6.1 and AIX.

Accepted Solutions (1)

Accepted Solutions (1)

BasicTek
Advisor
Advisor
0 Kudos

OK you can only login to websphere if you have a service account with SPN, It should work with local service unless you have the host spn entered in the CMC > authentication > windows AD > service principal name

What value is entered there?

If it begins with host then you need to create an SPN for the account running the SIA and enter that SPN in that field.

Regards,

Tim

Former Member
0 Kudos

Hey Tim, thx for replying...

The service principal name entered is: HOST/MYSERVER.SUBDOMAIN.DOMAIN.NET

Being that it does start with HOST, how/where would I need to create the SPN?

BasicTek
Advisor
Advisor
0 Kudos

you need AD admin rights or delegated servic e account modify rights, then run a command setspn -a BOSSO/serviceaccount.domain.com domain\serviceaccount

serviceaccount is the account running the SIA domain.com is the domain the account was created in, you can make the SPN anything but one must be created then the same value entered in the CMC where the host SPN exists currently.

Regards,

Tim

Former Member
0 Kudos

Thx, I'll give that a try...

Former Member
0 Kudos

Hey Tim, looks like I have an authority issue... got insufficient access error 0x2098/8344. Looks like I have to contact my system admin. I will keep you posted.

0 Kudos

Hi,

yes - best would be if an user with domain amdin rights hits the commands....usually the guys from your AD Team.

Regards

-Seb.

Answers (0)