I've came across a weird issue in Shared Services (Hyperion 220.127.116.11) where the group cache refresh interval causes the provisioned MSAD groups under an HFM app via the 'Assigned Access Control' to disappear. This does not happen for the MSAD users. to replicate:
1) log into HSS
2) expand HFM and 'Right Click' HFM application and select 'Assign Access control'
3) Select 'Groups' and press 'Show All'
on the left column you should see MSAD groups and Native groups.
after the 60 minutes pass (or whatever time you input in the Groups Cache Refresh Interval) the MSAD groups disappear, and only native groups show up. The only way to make the groups reappear is if you run the start and stop script for EPM. Unfortunately after the system starts again and it reaches the Group refresh time interval, it happens all over again. i've tried changing the time limit to 5 and 10 minutes, and it happens at the time that was entered.
1) when you select 'Users' instead of 'Groups' and press 'Show All' it will always show the MSAD users and Native users.
2) if you go to 'Groups' under the respective MSAD connector and do a search for the groups they show up. it seems like its only under "Assign Access Control"
3) when the refresh period of 60 minutes happens, Authentication to workspace and HFM apps all lose connection for a minute or so, then come back. They receive errors "unable to authenticate user". Access comes back, but the MSAD groups are still missing.
Solutions I've tried:
1) We tried laying down patch 13327628 – it would not install because they are on HSS 18.104.22.168.600 already
2) The evict and idle timeout have been modified per the KB article: ID 1389871.1 (EPMCSS-00301: Failed To Authenticate User. Invalid credentials" Intermittently When MSAD User Logs Into Workspace.)
Currently the settings are set to default as follows:
Token time out – 480 mins
Groups Cache Refresh Interval – 60 mins
Evict interval- 2 mins
Allow Idle Connection time – 1 min
Grow connections is checked