1 2 Previous Next 17 Replies Latest reply: May 9, 2013 2:29 PM by 961405 RSS

    Unable to login to Analytics with any user including 'Weblogic'

    961405
      Hello -

      When I start my services, this is what I get.

      *<7-May-2013 8:47:08 o'clock AM EDT> <Error> <oracle.bi.security.service> <OBI-SEC-00004> <Unable to initialize oracle.bi.security.service.SecurityWebService>*
      *<7-May-2013 8:47:08 o'clock AM EDT> <Warning> <oracle.j2ee.ws.common.jaxws.JAXWS Messages> <BEA-000000> <Exception while executing the business logic: oracle.bi.security.service.SecurityServiceException: SecurityService::validateSystemUserSystem user could not be authenticated>*


      I am able to login to EM and console but cannot login to Analytics. When I check the status of all the services in EM or thru opmnctl, all of them seem to be up and running well.

      I have not made any changes in OBIEE and it was working well since a long time now. This authentication error is something sudden.

      One more thing I should add and I am not sure if it is the reason:

      I have configured Active directory. To configure it I have created a new security realm. 'MyRealm' is intact and has been set to default = False. The new realm 'LDAPRealm' is set to true. I have been using the system with this configuration for more than 5 months now. When I was not able to login, I checked the users in 'LDAPRealm' but I can view only the users that have been configured for 'DefaultAuthenticator'. The LDAP users are not visible (but I am not using them). I tried to set the default to 'myrealm' and stopped and then started the BI services but was still not able to login.

      What could the possible error be. Where should I look for more message on the error.

      Thanks in advance.
        • 1. Re: Unable to login to Analytics with any user including 'Weblogic'
          SunilSharma
          try to sync/change the password for bisystem user in weblogic under userandgroups and bisystemuser pwd in EM.

          look for sawlog.log file to see more info about the error. like invali username/password something like this.
          • 2. Re: Unable to login to Analytics with any user including 'Weblogic'
            961405
            I reset the password in both EM and console for bisystem and bisystemuser. I then checked the sawlog file. This is what I see:

            *[2013-05-07T09:47:49.000-04:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 406146099153bd36:54642ae1:13e7ee7b13f:-8000-00000000000015f0,0:1:1] [tid: 4496] Authentication Failure.*
            Odbc driver returned an error (SQLDriverConnectW).
            *State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.*
            *[nQSError: 43113] Message returned from OBIS.*
            *[nQSError: 43126] Authentication failed: invalid user/password. (08004)[[*
            File:checkauthentication.cpp
            Line:1316
            Location:
            *     saw.securitysubsystem.checkauthentication.runimpl*
            *     saw.threadpool.asynclogon*
            *     saw.threads*
            ecid: 406146099153bd36:54642ae1:13e7ee7b13f:-8000-00000000000015f0,0:1:1

            ThreadID: 4496

            *]]*

            No luck.
            • 3. Re: Unable to login to Analytics with any user including 'Weblogic'
              SunilSharma
              you need to reset the bisystem user for AD which you are using
              • 4. Re: Unable to login to Analytics with any user including 'Weblogic'
                Turbokat
                Go to EM > Application Roles and check if you have BISystem role there .? ->Did you check this<-

                Enable the atz and atn logging for bi_server1 managed server and open the bi_server1.log, .out and bi_server1 diagnostics log files and see where exactly its failing at.

                Please post more logging from bi_sever1.log also from nqssever.log too

                HTH,
                SVS

                Edited by: Turbokat on May 7, 2013 9:24 AM
                • 5. Re: Unable to login to Analytics with any user including 'Weblogic'
                  961405
                  Hi -

                  I enabled diagnostic for atn and atz with the following steps and restarted all the services and tried logging in.

                  1. Login to WLS console
                  2. Navigate to: WLS console --> expand 'Environment' --> click 'servers' --> click the server name on the middle pane, e.g., ‘BI_Server1'
                  3. Click the 'Debug' tag on the top, expand 'weblogic' under 'Debug Scopes and Attributes'
                  4. Expand 'security' -> expand 'atn' -> check the 'DebugSecurityAtn', and click 'enable' button

                  I could not log in. Below is the dump from different log files.


                  BI_server1.log

                  *####<7-May-2013 12:01:25 o'clock PM EDT> <Debug> <SecurityAtz> <OBI> <bi_server1> <MDSPollingThread-[owsm, jdbc/mds/owsm]> <<WLS Kernel>> <> <0000JtytwtcFc545zVO5yW1HYEy9000002> <1367942485194> <BEA-000000> <com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed returning adjudicated: true>*

                  BI_server1-diagnostic.log

                  *[2013-05-07T12:01:23.380-04:00] [bi_server1] [ERROR] [OBI-SEC-00004] [oracle.bi.security.service] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: BISystemUser] [ecid: 406146099153bd36:54642ae1:13e7ee7b13f:-8000-0000000000002079,0:1:1:8:1] [WEBSERVICE_PORT.name: SecurityServicePort] [APP: bimiddleware#11.1.1] [J2EE_MODULE.name: bimiddleware/security] [WEBSERVICE.name: SecurityService] [J2EE_APP.name: bimiddleware_11.1.1] Unable to initialize oracle.bi.security.service.SecurityWebService*
                  *[2013-05-07T12:01:23.380-04:00] [bi_server1] [WARNING] [] [oracle.j2ee.ws.common.jaxws.JAXWSMessages] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: BISystemUser] [ecid: 406146099153bd36:54642ae1:13e7ee7b13f:-8000-0000000000002079,0:1:1:8:1] [WEBSERVICE_PORT.name: SecurityServicePort] [APP: bimiddleware#11.1.1] [J2EE_MODULE.name: bimiddleware/security] [WEBSERVICE.name: SecurityService] [J2EE_APP.name: bimiddleware_11.1.1] Exception while executing the business logic: oracle.bi.security.service.SecurityServiceException: SecurityService::validateSystemUserSystem user could not be authenticated*

                  sawlog.log
                  *[2013-05-07T12:06:18.000-04:00] [OBIPS] [ERROR:31] [] [saw.security.odbcuserpopulationimpl.searchidentities] [ecid: 00iEf^k0uyWFw00Fzzw0w00000Tg000000,0:93] [tid: 3944] Error retrieving user/group data from Oracle BI Server's User Population API.*
                  Unable to create a system user connection to BI Server while running user population queries
                  Authentication Failure.
                  Odbc driver returned an error (SQLDriverConnectW).
                  *State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.*
                  *[nQSError: 43113] Message returned from OBIS.*
                  *[nQSError: 43126] Authentication failed: invalid user/password. (08004)[[*
                  File:odbcuserpoploaderimpl.cpp
                  Line:719
                  Location:
                  *     saw.security.odbcuserpopulationimpl.searchidentities*
                  *     saw.security.userpopulationmanagerimpl.getaccountdetailsbyid*
                  *     saw.CatalogAttributes.cache.cleanup*
                  *     saw.taskScheduler.processJob*
                  *     saw.threadpool.taskscheduler*
                  *     saw.threads*
                  ecid: 00iEf^k0uyWFw00Fzzw0w00000Tg000000,0:93

                  ThreadID: 3944

                  task: Cache/CatalogAttributes

                  *]]*
                  • 6. Re: Unable to login to Analytics with any user including 'Weblogic'
                    Srini VEERAVALLI
                    Possible Solutions:
                    Check following entry in SetDomainEnv.cmd and SetManagedWeblogic.cmd. Try to add the below
                    For Windows (all on one line):

                    set JAVA_OPTIONS=%JAVA_OPTIONS% -Djavax.net.ssl.trustStore="D:\OBIEE11G_01/wlserver_10.3/server/lib/mykeystore.jks" -Djavax.net.ssl.trustStorePassword="Welcome1"

                    Or Check ID 1285899.1

                    If helps mark
                    • 7. Re: Unable to login to Analytics with any user including 'Weblogic'
                      961405
                      Hi -

                      I did all that was present in ID 1285889.1 but am still with the same error.

                      I did not implement the JAVA_OPTIONS as there are many places in the setdomainenv file where it is set. Not sure exactly where it needs to be put.
                      • 8. Re: Unable to login to Analytics with any user including 'Weblogic'
                        961405
                        Yes I do have the BI System Role present.
                        • 9. Re: Unable to login to Analytics with any user including 'Weblogic'
                          SunilSharma
                          Did u try to reset the password for bisystem user related to AD? not the default authenticator bisystem user
                          • 10. Re: Unable to login to Analytics with any user including 'Weblogic'
                            961405
                            I went to the LDAP_realm and changed the password for default authenticator BISystem user. I have configured for AD on this new realm but I do not see any users from my active directory. This is the only BISystem user present.

                            I am not sure why there is no users from my AD but irrespective of that, I would expect weblogic which is the default authenticator to be able to login.

                            I also tried switching back to the default realm in the hopes that it would 'undo' the AD configuration but it did not work. Not sure if it should work !!
                            • 11. Re: Unable to login to Analytics with any user including 'Weblogic'
                              SunilSharma
                              looks like your password for AD is not working thats why its not able to talk to AD and pull the users in there. Try to check the password for AD and also the below details

                              Host : pdc.gcbc.com
                              Port : 389
                              Principal : CN=ADBISystemUser, CN=Users, DC=gcbc, DC=com
                              Credential : Welcome1
                              Confirm Credential : Welcome1
                              User Base DN : CN=Users,DC=gcbc, DC=com
                              User Name Attribute : cn
                              User Object Class : user
                              Group Base DN : CN=Builtin, DC=gcbc, DC=com
                              GUID Attribute : objectguid

                              reset the password and then restart the admin adn managed server and see how it works whether it will show the users now or not
                              • 12. Re: Unable to login to Analytics with any user including 'Weblogic'
                                Turbokat
                                958402 wrote:
                                I went to the LDAP_realm and changed the password for default authenticator BISystem user. I have configured for AD on this new realm but I do not see any users from my active directory. This is the only BISystem user present.
                                To reset BISystemUser password refer to : http://obieesagar.blogspot.com/2013/03/resetting-bisytemuser-password-in-obiee.html
                                I am not sure why there is no users from my AD but irrespective of that, I would expect weblogic which is the default authenticator to be able to login.
                                It may be because the principal user who you specified at provider Specific tab in AD Provider setting , account was expired/locked or is invalid. Suggest you download a LDAP browser like : directory.apache.org/studio/ and see if there is any issue with this principal user which is responsible for search other users in that User Base DN. Make sure with your Network admin this account is working or messed up with.
                                I also tried switching back to the default realm in the hopes that it would 'undo' the AD configuration but it did not work. Not sure if it should work !!
                                May its because your still have the user.login.attr and username.attr still pointing to cn?

                                enable virtualize and value: true property in EM under Identity Security Store Properties and then refresh your GUID's and see if this changes anything.

                                For info refer to : http://www.askjohnobiee.com/2012/08/fyi-enabling-virtualization.html

                                HTH,
                                SVS
                                • 13. Re: Unable to login to Analytics with any user including 'Weblogic'
                                  961405
                                  Hello -

                                  I contacted the network admin and figured out there is a problem with the userid. He has now reset it. So, I change the credentials on the ADProvider as highlighted below:

                                  Principal : CN=*ADBISystemUser*, CN=Users, DC=gcbc, DC=com
                                  Credential : Welcome1
                                  Confirm Credential : Welcome1

                                  I restarted the admin and the bi server and I face the following problem:

                                  1. When I do a 'Start BI Services', the admin server starts up properly but it seems to be stuck on the BIserver. When I log on to EM, I see coreapplication down. So I restart all the services thru EM. Now the command prompt window shows proper start of the services and the 'BI Start' command prompt window disappears. Not sure why I have to restart thru EM.
                                  2. I still see the error 'Unable to initialize oracle.bi.security.service.SecurityWebService'. I confirmed that the new userid and password is working on the LDAP server. What could the possible reason be? I changed the new id/password only on the ADProvider as indicated above.

                                  Please help.

                                  Thanks !
                                  • 14. Re: Unable to login to Analytics with any user including 'Weblogic'
                                    SunilSharma
                                    you need to change the same password in EM for the bisystem user ADBISystemUser as it got changed/reset and after changing the same restart admin,managedserver and opmnctl and see how it goes

                                    mark if it helps

                                    Thanks,
                                    RM
                                    1 2 Previous Next