nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Oracle Communities

Oracle Analytics and AI

Child Item

OBIEE 11.1.1.9 cant startup(Presentation service status = init) after setup MSAD in Weblogic

User_L4MOL

it only works when i set DefaultAuthenticator as 1st in order and flag = required

had no idea on whats going on, can anyone please help??

Steps that i had done

1. Add XXXXAD in Weblogic provider and set it as sufficient

2. Set DefaultAuthenticator as sufficient

3. Reorder set XXXXAD as first, DefaultAuthenticator as second and lastly DefaultIdentifyAsserter

4. Create BISystemUser in MSAD.

5. Delete BISystemUser in DefaultAuthenticator

6. Add BISystemUser(MSAD) into admin of global role.

7. Login as EM-->Security-->Credientials-->oracle.bi.system-->system.user = BISystemUser and password exactly same as MSAD BISystemUser's password

8. Security-->Security Provider Configuration-->Identify Store Provider

optimize_search = true

connection_pool_class = oracle.security.idm.providers.stdldap.JNDIPool

virtualize=true

(didnt add user.login.attr=sAMAccountName, username.attr=sAMAccountName as OBIEE version is 11.1.1.9)

9. BI-->coreapplication-->Application Roles--> Add BISystemUser under BISystem Roles

10. Refresh GUI

11. Full restart in Weblogic and OBIEE

12. Patch installed

Patch 22221772

https://community.oracle.com/thread/3943145?parent=MOSC_EXTERNAL&sourceId=MOSC&id=3943145

Patch 21895214

https://support.oracle.com/epmos/faces/DocumentDisplay?_afrLoop=254310884985722&parent=EXTERNAL_SEARCH&sourceId=PROBLEM&id=2062681.1&_afrWindowMode=0&_adf.ctrl-state=e0f6luw0l_4

Logs

1. Nqserver.log

[2019-03-25T10:42:13.787+08:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 0fc3e828565e93f3:-92a902f:169b2a9b65a:-8000-0000000000000718,0:1:6] [tid: 568] [nQSError: 13057] Error From BI Security Service: SecurityService::execute [OBI-SEC-00015] Unable to find user {0} in identity store. [[

********** Task: 1. Running for (mls): 16 **********

Description: Authenticate

RPID: Star; user: BISystemUser; AppType: 0; Offline: false

]]

[2019-03-25T16:52:35.59+08:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 00isrqRuwc1Fw0zwVI03nz4b0CU2jhIze0001VC0002LU,0] [tid: 1ebc] [nQSError: 13057] Error From BI Security Service: oracle.webservices.provider.ProviderException: java.lang.RuntimeException: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied. [[

********** Task: 1. Running for (mls): 31 **********

Description: Authenticate

RPID: Star; user: BISystemUser; AppType: 0; Offline: false

]]

[2019-03-25T16:52:41.825+08:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 00isrqSKTIoFw0zwVI03nz4b0CU2jhIze0001VC0002Lj,0] [tid: 418] [nQSError: 13057] Error From BI Security Service: oracle.webservices.provider.ProviderException: java.lang.RuntimeException: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied. [[

********** Task: 1. Running for (mls): 110 **********

Description: Authenticate

RPID: Star; user: BISystemUser; AppType: 0; Offline: false

2. sawlog

[2019-03-25T16:24:57.000+08:00] [OBIPS] [ERROR:31] [] [saw.security.odbcuserpopulationimpl.searchidentities] [ecid: ] [tid: ] Error retrieving user/group data from Oracle BI Server's User Population API.

Could not create a system user connection to Oracle BI Server during start-up. Please check the error message and try again.

Authentication Failure.

Odbc driver returned an error (SQLDriverConnectW).

State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.

[nQSError: 43113] Message returned from OBIS.

[nQSError: 43126] Authentication failed: invalid user/password.

(08004)[[

File:odbcuserpoploaderimpl.cpp

Line:462

Location:

saw.security.odbcuserpopulationimpl.searchidentities

saw.security.userpopulationmanagerimpl.initializeroles

saw.security.securityimpl.initialize

saw.catalog.local.loadCatalog

saw.subsystems.catalogbootstrapper.loadcatalog

saw.webextensionbase.init

saw.sawserver

saw.sawserver.initializesawserver

saw.sawserver

]]

[2019-03-25T16:24:57.000+08:00] [OBIPS] [ERROR:10] [] [saw.security.userpopulationmanagerimpl.initializeroles] [ecid: ] [tid: ] Error retrieving user/group data from Oracle BI Server's User Population API.

Could not create a system user connection to Oracle BI Server during start-up. Please check the error message and try again.

Authentication Failure.

Odbc driver returned an error (SQLDriverConnectW).

State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.

[nQSError: 43113] Message returned from OBIS.

[nQSError: 43126] Authentication failed: invalid user/password.

(08004)[[

File:userpopulationmanagerimpl.cpp

Line:279

Location:

saw.security.userpopulationmanagerimpl.initializeroles

saw.security.securityimpl.initialize

saw.catalog.local.loadCatalog

saw.subsystems.catalogbootstrapper.loadcatalog

saw.webextensionbase.init

saw.sawserver

saw.sawserver.initializesawserver

saw.sawserver

]]

[2019-03-25T16:24:57.000+08:00] [OBIPS] [NOTIFICATION:1] [] [saw.security.userpopulationmanagerimpl.initializeroles] [ecid: ] [tid: ] Error searching roles in the backend to resolve GUIDs during user population manager initialization[[

File:userpopulationmanagerimpl.cpp

Line:280

Location:

saw.security.userpopulationmanagerimpl.initializeroles

saw.security.securityimpl.initialize

saw.catalog.local.loadCatalog

saw.subsystems.catalogbootstrapper.loadcatalog

saw.webextensionbase.init

saw.sawserver

saw.sawserver.initializesawserver

saw.sawserver

]]

[2019-03-25T16:24:57.000+08:00] [OBIPS] [ERROR:1] [] [saw.catalog.local.loadCatalog] [ecid: ] [tid: ] Error initializing or creating new Catalog: F:\erp\instances\instance1/bifoundation/OracleBIPresentationServicesComponent/coreapplication_obips1/catalog.

Error retrieving user/group data from Oracle BI Server's User Population API.

Could not create a system user connection to Oracle BI Server during start-up. Please check the error message and try again.

Authentication Failure.

Odbc driver returned an error (SQLDriverConnectW).

State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.

[nQSError: 43113] Message returned from OBIS.

[nQSError: 43126] Authentication failed: invalid user/password.

(08004)[[

File:localwebcatalog.cpp

Line:424

Location:

saw.catalog.local.loadCatalog

saw.subsystems.catalogbootstrapper.loadcatalog

saw.webextensionbase.init

saw.sawserver

saw.sawserver.initializesawserver

saw.sawserver

]]

[2019-03-25T16:24:57.000+08:00] [OBIPS] [NOTIFICATION:1] [] [saw.sawserver] [ecid: ] [tid: ] Oracle BI Presentation Services are shutting down.[[

File:sawserver.cpp

Line:867

Location:

saw.sawserver

saw.sawserver.terminatesawserver

saw.sawserver

]]

Find more posts tagged with

Accepted answers

All comments

Joel Acha

Follow these instructions to reset the trusted user (BISystemUser) password:

https://support.oracle.com/knowledge/Enterprise%20Performance%20Management%20and%20Business%20Intelligence/1352697_1.htm…

User_L4MOL

Thanks Joel for your speedy reply!

i did reset the trusted user and even reset the ldap trusted user password too.

however, the results is the same

User_ROR5D

HI,

Did you get any solution. I am also stuck at the same point. Reset the password but issue still exists.

[Deleted User]

Roll back your changes, delete the security provider and do it again step by step.

Verify every single config step - and that you can actually reach and query the MSAD - before switching over. Also it's not necessary to use the MSAD BISystemUser in MSAD at all. You can just leave both providers as sufficient and use the WLS-internal one.

User_L4MOL

cool thanks! i thought BISystemUser had to be exist on MSAD, ok i will give it a go. virtualize= true this property must set right??

thanks a lot

Joel Acha

Yes , you need to set virtualize=true

https://docs.oracle.com/middleware/bi12214/biee/BIESC/GUID-99968A33-0D49-41AE-83CC-A3CA4112E9F1.htm#GUID-0EDD6411-21BE-4C90-8337-88ADF97FEF11

[Deleted User]

3843707 wrote:cool thanks! i thought BISystemUser had to be exist on MSAD, ok i will give it a go. virtualize= true this property must set right??thanks a lot

A common misconception. If you leave the DefaultAuthenticator in the system as SUFFICIENT there is no need to do that.

Also, that reduces a 100% dependency on MSAD as it eliminates the potential situation of the system being down when MSAD is not available. I.e. you can still log on with admin accounts in WLS if MSAD is having issues or to troubleshoot the connectivity.

[Deleted User]

@3843707 did you give up on this?

User_L4MOL

i had removed BISystemUser from MSAD and confirm that BISystemUser only exist on DefaultAuthenticator with SUFFICIENT access right.

Unfornately , the result is the same.

another strange thing is...whenever the BISystemUser account authenication failed, it will lock one of users window account(Admin). i have no clue why his account being locked...i checked all the config files and confirm that his password dont hardcoded.

i guess i cant do anything here right now until i know the reason of his account being locked.......anyway thanks for your help

Aaron Samuel

Hi, Did you resolve the issue? If yes can you please share the solution. We are also facing the same issue now. Thanks in advance!