Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 62 Insurance
- 536K On-Premises Infrastructure
- 138.2K Analytics Software
- 38.6K Application Development Software
- 5.7K Cloud Platform
- 109.4K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71.1K Infrastructure Software
- 105.2K Integration
- 41.5K Security Software
MSAD authentication problems in HFM Application server 11.2.4

I have installed a distributed solution on 11.2.4
Most issues along the way has been solved.
On all servers I have the same cacerts in the jdk_181\jre\lib\security folder which has the certificates needed to authenticate against the MSAD servers using SSL. (I actually have exact same cacert file on all the servers as I have copied it between them.)
It works just fine on everything except for HFM. On the HFM application servers (Only running the hfm server application. No web components or such) I get the error message
[EPMCSS] [ERROR] [EPMCSS-07047] [oracle.EPMCSS.CSS] [tid: 18] [ecid: 6f65d020-f226-4e46-a8f4-5bfef1db4478-00000002,0:3] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: init] UNKNOWN operation failed. Error executing query. RootCause : xx.xx.xx.xx:636. Verify user directory configuration.
[EPMCSS] [ERROR] [EPMCSS-05860] [oracle.EPMCSS.CSS] [tid: 18] [ecid: 6f65d020-f226-4e46-a8f4-5bfef1db4478-00000002,0:3] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] UNKNOWN operation failed. Error connecting to url. RootCause : EPMCSS-07047: UNKNOWN operation failed. Error executing query. RootCause : xx.xx.xx.xx:636. Verify user directory configuration.. Verify MSAD user directory configuration.
Do I need to add the certificates on another place for MSAD authentication to work on HFM application server?
Answers
-
You may need to check this.
-
I have imported the certificate chain into the MIDDLEWARE_HOME/jdk1.8.0_181/jre/lib/security/cacerts
It works on all other components besides the HFM application server. It is as if the HFM application server doesn't use that cacerts but something else when virfying the MSAD cert.
-
did you do this?
Note:EPM System servers may fail to start if you disable non-SSL mode after configuring SSL.
-
Not as far as I know.. And the hfm server is starting.. it just wont authenticate msad users.. it works fine with native users.