This discussion is archived
1 2 Previous Next 17 Replies Latest reply: May 9, 2013 12:29 PM by 961405 RSS

Unable to login to Analytics with any user including 'Weblogic'

961405 Newbie
Currently Being Moderated
Hello -

When I start my services, this is what I get.

*<7-May-2013 8:47:08 o'clock AM EDT> <Error> <oracle.bi.security.service> <OBI-SEC-00004> <Unable to initialize oracle.bi.security.service.SecurityWebService>*
*<7-May-2013 8:47:08 o'clock AM EDT> <Warning> <oracle.j2ee.ws.common.jaxws.JAXWS Messages> <BEA-000000> <Exception while executing the business logic: oracle.bi.security.service.SecurityServiceException: SecurityService::validateSystemUserSystem user could not be authenticated>*


I am able to login to EM and console but cannot login to Analytics. When I check the status of all the services in EM or thru opmnctl, all of them seem to be up and running well.

I have not made any changes in OBIEE and it was working well since a long time now. This authentication error is something sudden.

One more thing I should add and I am not sure if it is the reason:

I have configured Active directory. To configure it I have created a new security realm. 'MyRealm' is intact and has been set to default = False. The new realm 'LDAPRealm' is set to true. I have been using the system with this configuration for more than 5 months now. When I was not able to login, I checked the users in 'LDAPRealm' but I can view only the users that have been configured for 'DefaultAuthenticator'. The LDAP users are not visible (but I am not using them). I tried to set the default to 'myrealm' and stopped and then started the BI services but was still not able to login.

What could the possible error be. Where should I look for more message on the error.

Thanks in advance.
  • 1. Re: Unable to login to Analytics with any user including 'Weblogic'
    SunilSharma Expert
    Currently Being Moderated
    try to sync/change the password for bisystem user in weblogic under userandgroups and bisystemuser pwd in EM.

    look for sawlog.log file to see more info about the error. like invali username/password something like this.
  • 2. Re: Unable to login to Analytics with any user including 'Weblogic'
    961405 Newbie
    Currently Being Moderated
    I reset the password in both EM and console for bisystem and bisystemuser. I then checked the sawlog file. This is what I see:

    *[2013-05-07T09:47:49.000-04:00] [OBIPS] [NOTIFICATION:1] [] [saw.securitysubsystem.checkauthentication.runimpl] [ecid: 406146099153bd36:54642ae1:13e7ee7b13f:-8000-00000000000015f0,0:1:1] [tid: 4496] Authentication Failure.*
    Odbc driver returned an error (SQLDriverConnectW).
    *State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.*
    *[nQSError: 43113] Message returned from OBIS.*
    *[nQSError: 43126] Authentication failed: invalid user/password. (08004)[[*
    File:checkauthentication.cpp
    Line:1316
    Location:
    *     saw.securitysubsystem.checkauthentication.runimpl*
    *     saw.threadpool.asynclogon*
    *     saw.threads*
    ecid: 406146099153bd36:54642ae1:13e7ee7b13f:-8000-00000000000015f0,0:1:1

    ThreadID: 4496

    *]]*

    No luck.
  • 3. Re: Unable to login to Analytics with any user including 'Weblogic'
    SunilSharma Expert
    Currently Being Moderated
    you need to reset the bisystem user for AD which you are using
  • 4. Re: Unable to login to Analytics with any user including 'Weblogic'
    Turbokat Pro
    Currently Being Moderated
    Go to EM > Application Roles and check if you have BISystem role there .? ->Did you check this<-

    Enable the atz and atn logging for bi_server1 managed server and open the bi_server1.log, .out and bi_server1 diagnostics log files and see where exactly its failing at.

    Please post more logging from bi_sever1.log also from nqssever.log too

    HTH,
    SVS

    Edited by: Turbokat on May 7, 2013 9:24 AM
  • 5. Re: Unable to login to Analytics with any user including 'Weblogic'
    961405 Newbie
    Currently Being Moderated
    Hi -

    I enabled diagnostic for atn and atz with the following steps and restarted all the services and tried logging in.

    1. Login to WLS console
    2. Navigate to: WLS console --> expand 'Environment' --> click 'servers' --> click the server name on the middle pane, e.g., ‘BI_Server1'
    3. Click the 'Debug' tag on the top, expand 'weblogic' under 'Debug Scopes and Attributes'
    4. Expand 'security' -> expand 'atn' -> check the 'DebugSecurityAtn', and click 'enable' button

    I could not log in. Below is the dump from different log files.


    BI_server1.log

    *####<7-May-2013 12:01:25 o'clock PM EDT> <Debug> <SecurityAtz> <OBI> <bi_server1> <MDSPollingThread-[owsm, jdbc/mds/owsm]> <<WLS Kernel>> <> <0000JtytwtcFc545zVO5yW1HYEy9000002> <1367942485194> <BEA-000000> <com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed returning adjudicated: true>*

    BI_server1-diagnostic.log

    *[2013-05-07T12:01:23.380-04:00] [bi_server1] [ERROR] [OBI-SEC-00004] [oracle.bi.security.service] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: BISystemUser] [ecid: 406146099153bd36:54642ae1:13e7ee7b13f:-8000-0000000000002079,0:1:1:8:1] [WEBSERVICE_PORT.name: SecurityServicePort] [APP: bimiddleware#11.1.1] [J2EE_MODULE.name: bimiddleware/security] [WEBSERVICE.name: SecurityService] [J2EE_APP.name: bimiddleware_11.1.1] Unable to initialize oracle.bi.security.service.SecurityWebService*
    *[2013-05-07T12:01:23.380-04:00] [bi_server1] [WARNING] [] [oracle.j2ee.ws.common.jaxws.JAXWSMessages] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: BISystemUser] [ecid: 406146099153bd36:54642ae1:13e7ee7b13f:-8000-0000000000002079,0:1:1:8:1] [WEBSERVICE_PORT.name: SecurityServicePort] [APP: bimiddleware#11.1.1] [J2EE_MODULE.name: bimiddleware/security] [WEBSERVICE.name: SecurityService] [J2EE_APP.name: bimiddleware_11.1.1] Exception while executing the business logic: oracle.bi.security.service.SecurityServiceException: SecurityService::validateSystemUserSystem user could not be authenticated*

    sawlog.log
    *[2013-05-07T12:06:18.000-04:00] [OBIPS] [ERROR:31] [] [saw.security.odbcuserpopulationimpl.searchidentities] [ecid: 00iEf^k0uyWFw00Fzzw0w00000Tg000000,0:93] [tid: 3944] Error retrieving user/group data from Oracle BI Server's User Population API.*
    Unable to create a system user connection to BI Server while running user population queries
    Authentication Failure.
    Odbc driver returned an error (SQLDriverConnectW).
    *State: 08004.  Code: 10018.  [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.*
    *[nQSError: 43113] Message returned from OBIS.*
    *[nQSError: 43126] Authentication failed: invalid user/password. (08004)[[*
    File:odbcuserpoploaderimpl.cpp
    Line:719
    Location:
    *     saw.security.odbcuserpopulationimpl.searchidentities*
    *     saw.security.userpopulationmanagerimpl.getaccountdetailsbyid*
    *     saw.CatalogAttributes.cache.cleanup*
    *     saw.taskScheduler.processJob*
    *     saw.threadpool.taskscheduler*
    *     saw.threads*
    ecid: 00iEf^k0uyWFw00Fzzw0w00000Tg000000,0:93

    ThreadID: 3944

    task: Cache/CatalogAttributes

    *]]*
  • 6. Re: Unable to login to Analytics with any user including 'Weblogic'
    Srini VEERAVALLI Guru
    Currently Being Moderated
    Possible Solutions:
    Check following entry in SetDomainEnv.cmd and SetManagedWeblogic.cmd. Try to add the below
    For Windows (all on one line):

    set JAVA_OPTIONS=%JAVA_OPTIONS% -Djavax.net.ssl.trustStore="D:\OBIEE11G_01/wlserver_10.3/server/lib/mykeystore.jks" -Djavax.net.ssl.trustStorePassword="Welcome1"

    Or Check ID 1285899.1

    If helps mark
  • 7. Re: Unable to login to Analytics with any user including 'Weblogic'
    961405 Newbie
    Currently Being Moderated
    Hi -

    I did all that was present in ID 1285889.1 but am still with the same error.

    I did not implement the JAVA_OPTIONS as there are many places in the setdomainenv file where it is set. Not sure exactly where it needs to be put.
  • 8. Re: Unable to login to Analytics with any user including 'Weblogic'
    961405 Newbie
    Currently Being Moderated
    Yes I do have the BI System Role present.
  • 9. Re: Unable to login to Analytics with any user including 'Weblogic'
    SunilSharma Expert
    Currently Being Moderated
    Did u try to reset the password for bisystem user related to AD? not the default authenticator bisystem user
  • 10. Re: Unable to login to Analytics with any user including 'Weblogic'
    961405 Newbie
    Currently Being Moderated
    I went to the LDAP_realm and changed the password for default authenticator BISystem user. I have configured for AD on this new realm but I do not see any users from my active directory. This is the only BISystem user present.

    I am not sure why there is no users from my AD but irrespective of that, I would expect weblogic which is the default authenticator to be able to login.

    I also tried switching back to the default realm in the hopes that it would 'undo' the AD configuration but it did not work. Not sure if it should work !!
  • 11. Re: Unable to login to Analytics with any user including 'Weblogic'
    SunilSharma Expert
    Currently Being Moderated
    looks like your password for AD is not working thats why its not able to talk to AD and pull the users in there. Try to check the password for AD and also the below details

    Host : pdc.gcbc.com
    Port : 389
    Principal : CN=ADBISystemUser, CN=Users, DC=gcbc, DC=com
    Credential : Welcome1
    Confirm Credential : Welcome1
    User Base DN : CN=Users,DC=gcbc, DC=com
    User Name Attribute : cn
    User Object Class : user
    Group Base DN : CN=Builtin, DC=gcbc, DC=com
    GUID Attribute : objectguid

    reset the password and then restart the admin adn managed server and see how it works whether it will show the users now or not
  • 12. Re: Unable to login to Analytics with any user including 'Weblogic'
    Turbokat Pro
    Currently Being Moderated
    958402 wrote:
    I went to the LDAP_realm and changed the password for default authenticator BISystem user. I have configured for AD on this new realm but I do not see any users from my active directory. This is the only BISystem user present.
    To reset BISystemUser password refer to : http://obieesagar.blogspot.com/2013/03/resetting-bisytemuser-password-in-obiee.html
    I am not sure why there is no users from my AD but irrespective of that, I would expect weblogic which is the default authenticator to be able to login.
    It may be because the principal user who you specified at provider Specific tab in AD Provider setting , account was expired/locked or is invalid. Suggest you download a LDAP browser like : directory.apache.org/studio/ and see if there is any issue with this principal user which is responsible for search other users in that User Base DN. Make sure with your Network admin this account is working or messed up with.
    I also tried switching back to the default realm in the hopes that it would 'undo' the AD configuration but it did not work. Not sure if it should work !!
    May its because your still have the user.login.attr and username.attr still pointing to cn?

    enable virtualize and value: true property in EM under Identity Security Store Properties and then refresh your GUID's and see if this changes anything.

    For info refer to : http://www.askjohnobiee.com/2012/08/fyi-enabling-virtualization.html

    HTH,
    SVS
  • 13. Re: Unable to login to Analytics with any user including 'Weblogic'
    961405 Newbie
    Currently Being Moderated
    Hello -

    I contacted the network admin and figured out there is a problem with the userid. He has now reset it. So, I change the credentials on the ADProvider as highlighted below:

    Principal : CN=*ADBISystemUser*, CN=Users, DC=gcbc, DC=com
    Credential : Welcome1
    Confirm Credential : Welcome1

    I restarted the admin and the bi server and I face the following problem:

    1. When I do a 'Start BI Services', the admin server starts up properly but it seems to be stuck on the BIserver. When I log on to EM, I see coreapplication down. So I restart all the services thru EM. Now the command prompt window shows proper start of the services and the 'BI Start' command prompt window disappears. Not sure why I have to restart thru EM.
    2. I still see the error 'Unable to initialize oracle.bi.security.service.SecurityWebService'. I confirmed that the new userid and password is working on the LDAP server. What could the possible reason be? I changed the new id/password only on the ADProvider as indicated above.

    Please help.

    Thanks !
  • 14. Re: Unable to login to Analytics with any user including 'Weblogic'
    SunilSharma Expert
    Currently Being Moderated
    you need to change the same password in EM for the bisystem user ADBISystemUser as it got changed/reset and after changing the same restart admin,managedserver and opmnctl and see how it goes

    mark if it helps

    Thanks,
    RM
1 2 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points