Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 214 Oracle Analytics News
- 42 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 78 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OBIEE 11.1.1.9 cant startup(Presentation service status = init) after setup MSAD in Weblogic
it only works when i set DefaultAuthenticator as 1st in order and flag = required
had no idea on whats going on, can anyone please help??
Steps that i had done
1. Add XXXXAD in Weblogic provider and set it as sufficient
2. Set DefaultAuthenticator as sufficient
3. Reorder set XXXXAD as first, DefaultAuthenticator as second and lastly DefaultIdentifyAsserter
4. Create BISystemUser in MSAD.
5. Delete BISystemUser in DefaultAuthenticator
6. Add BISystemUser(MSAD) into admin of global role.
7. Login as EM-->Security-->Credientials-->oracle.bi.system-->system.user = BISystemUser and password exactly same as MSAD BISystemUser's password
8. Security-->Security Provider Configuration-->Identify Store Provider
optimize_search = true
connection_pool_class = oracle.security.idm.providers.stdldap.JNDIPool
virtualize=true
(didnt add user.login.attr=sAMAccountName, username.attr=sAMAccountName as OBIEE version is 11.1.1.9)
9. BI-->coreapplication-->Application Roles--> Add BISystemUser under BISystem Roles
10. Refresh GUI
11. Full restart in Weblogic and OBIEE
12. Patch installed
https://community.oracle.com/thread/3943145?parent=MOSC_EXTERNAL&sourceId=MOSC&id=3943145
Logs
1. Nqserver.log
[2019-03-25T10:42:13.787+08:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 0fc3e828565e93f3:-92a902f:169b2a9b65a:-8000-0000000000000718,0:1:6] [tid: 568] [nQSError: 13057] Error From BI Security Service: SecurityService::execute [OBI-SEC-00015] Unable to find user {0} in identity store. [[
********** Task: 1. Running for (mls): 16 **********
Description: Authenticate
RPID: Star; user: BISystemUser; AppType: 0; Offline: false
]]
[2019-03-25T16:52:35.59+08:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 00isrqRuwc1Fw0zwVI03nz4b0CU2jhIze0001VC0002LU,0] [tid: 1ebc] [nQSError: 13057] Error From BI Security Service: oracle.webservices.provider.ProviderException: java.lang.RuntimeException: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied. [[
********** Task: 1. Running for (mls): 31 **********
Description: Authenticate
RPID: Star; user: BISystemUser; AppType: 0; Offline: false
]]
[2019-03-25T16:52:41.825+08:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 00isrqSKTIoFw0zwVI03nz4b0CU2jhIze0001VC0002Lj,0] [tid: 418] [nQSError: 13057] Error From BI Security Service: oracle.webservices.provider.ProviderException: java.lang.RuntimeException: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User BISystemUser javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User BISystemUser denied. [[
********** Task: 1. Running for (mls): 110 **********
Description: Authenticate
RPID: Star; user: BISystemUser; AppType: 0; Offline: false
2. sawlog
[2019-03-25T16:24:57.000+08:00] [OBIPS] [ERROR:31] [] [saw.security.odbcuserpopulationimpl.searchidentities] [ecid: ] [tid: ] Error retrieving user/group data from Oracle BI Server's User Population API.
Could not create a system user connection to Oracle BI Server during start-up. Please check the error message and try again.
Authentication Failure.
Odbc driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
[nQSError: 43113] Message returned from OBIS.
[nQSError: 43126] Authentication failed: invalid user/password.
(08004)[[
File:odbcuserpoploaderimpl.cpp
Line:462
Location:
saw.security.odbcuserpopulationimpl.searchidentities
saw.security.userpopulationmanagerimpl.initializeroles
saw.security.securityimpl.initialize
saw.catalog.local.loadCatalog
saw.subsystems.catalogbootstrapper.loadcatalog
saw.webextensionbase.init
saw.sawserver
saw.sawserver.initializesawserver
saw.sawserver
]]
[2019-03-25T16:24:57.000+08:00] [OBIPS] [ERROR:10] [] [saw.security.userpopulationmanagerimpl.initializeroles] [ecid: ] [tid: ] Error retrieving user/group data from Oracle BI Server's User Population API.
Could not create a system user connection to Oracle BI Server during start-up. Please check the error message and try again.
Authentication Failure.
Odbc driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
[nQSError: 43113] Message returned from OBIS.
[nQSError: 43126] Authentication failed: invalid user/password.
(08004)[[
File:userpopulationmanagerimpl.cpp
Line:279
Location:
saw.security.userpopulationmanagerimpl.initializeroles
saw.security.securityimpl.initialize
saw.catalog.local.loadCatalog
saw.subsystems.catalogbootstrapper.loadcatalog
saw.webextensionbase.init
saw.sawserver
saw.sawserver.initializesawserver
saw.sawserver
]]
[2019-03-25T16:24:57.000+08:00] [OBIPS] [NOTIFICATION:1] [] [saw.security.userpopulationmanagerimpl.initializeroles] [ecid: ] [tid: ] Error searching roles in the backend to resolve GUIDs during user population manager initialization[[
File:userpopulationmanagerimpl.cpp
Line:280
Location:
saw.security.userpopulationmanagerimpl.initializeroles
saw.security.securityimpl.initialize
saw.catalog.local.loadCatalog
saw.subsystems.catalogbootstrapper.loadcatalog
saw.webextensionbase.init
saw.sawserver
saw.sawserver.initializesawserver
saw.sawserver
]]
[2019-03-25T16:24:57.000+08:00] [OBIPS] [ERROR:1] [] [saw.catalog.local.loadCatalog] [ecid: ] [tid: ] Error initializing or creating new Catalog: F:\erp\instances\instance1/bifoundation/OracleBIPresentationServicesComponent/coreapplication_obips1/catalog.
Error retrieving user/group data from Oracle BI Server's User Population API.
Could not create a system user connection to Oracle BI Server during start-up. Please check the error message and try again.
Authentication Failure.
Odbc driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
[nQSError: 43113] Message returned from OBIS.
[nQSError: 43126] Authentication failed: invalid user/password.
(08004)[[
File:localwebcatalog.cpp
Line:424
Location:
saw.catalog.local.loadCatalog
saw.subsystems.catalogbootstrapper.loadcatalog
saw.webextensionbase.init
saw.sawserver
saw.sawserver.initializesawserver
saw.sawserver
]]
[2019-03-25T16:24:57.000+08:00] [OBIPS] [NOTIFICATION:1] [] [saw.sawserver] [ecid: ] [tid: ] Oracle BI Presentation Services are shutting down.[[
File:sawserver.cpp
Line:867
Location:
saw.sawserver
saw.sawserver.terminatesawserver
saw.sawserver
]]
Answers
-
Follow these instructions to reset the trusted user (BISystemUser) password:
0 -
Thanks Joel for your speedy reply!
i did reset the trusted user and even reset the ldap trusted user password too.
however, the results is the same
0 -
HI,
Did you get any solution. I am also stuck at the same point. Reset the password but issue still exists.
0 -
Roll back your changes, delete the security provider and do it again step by step.
Verify every single config step - and that you can actually reach and query the MSAD - before switching over. Also it's not necessary to use the MSAD BISystemUser in MSAD at all. You can just leave both providers as sufficient and use the WLS-internal one.
0 -
cool thanks! i thought BISystemUser had to be exist on MSAD, ok i will give it a go. virtualize= true this property must set right??
thanks a lot
0 -
Yes , you need to set virtualize=true
0 -
3843707 wrote:cool thanks! i thought BISystemUser had to be exist on MSAD, ok i will give it a go. virtualize= true this property must set right??thanks a lot
A common misconception. If you leave the DefaultAuthenticator in the system as SUFFICIENT there is no need to do that.
Also, that reduces a 100% dependency on MSAD as it eliminates the potential situation of the system being down when MSAD is not available. I.e. you can still log on with admin accounts in WLS if MSAD is having issues or to troubleshoot the connectivity.
0 -
@3843707 did you give up on this?
0 -
i had removed BISystemUser from MSAD and confirm that BISystemUser only exist on DefaultAuthenticator with SUFFICIENT access right.
Unfornately , the result is the same.
another strange thing is...whenever the BISystemUser account authenication failed, it will lock one of users window account(Admin). i have no clue why his account being locked...i checked all the config files and confirm that his password dont hardcoded.
i guess i cant do anything here right now until i know the reason of his account being locked.......anyway thanks for your help
0 -
Hi, Did you resolve the issue? If yes can you please share the solution. We are also facing the same issue now. Thanks in advance!
0
