cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Kerboers taget BICMS/biservice.abc.com in unknwon

Go to solution
Former Member

on ‎03-02-2015 12:12 PM

0 Kudos

Dear Experts,

I am trying to activate Windows AD authentication for BOBJ Tools .

Version - BOBJ 4.1 SP2

I have done below activity -

On AD Server

1. Created Service account biservice with Administrator rights & a userA.

2. Created a User Group - BO User and added biservice (Service account) and UserA

3. Run below 3 Commands as per blog - http://scn.sap.com/blogs/josh_fletcher/2012/06/11/active-directory-sso-for-sap-businessobjects-bi4

     setspn -a BICMS/biservice.abc.com biservice

     setspn -a HTTP/bobjserver biservice

     setspn -a HTTP/bobjserver.abc.com biservice


4. I have also tested with setspn -L biservice. I am getting all above objects.


On BOBJ Server -


1. on CMC -> Authetication -> Windows AD


Given Parameter -


1. AD Administrator - abc\biservice

2. AD Administrator pw

3. Default AD Domain - abc.com

4. AD User Group - abc\BO User

5. Autheticaion Option - User Kerbores authetication

     Service Principal name - BICMS/biservice.abc.com

   Checked Enable SSO opiton

6. AD alias option same as mentioned in above blog.


Test Performed - I am able to see the Users in CMC -> User management under Group Hierarchy "BO User".

-> I have tried with NTLM option and it's working fine.



ISSUE - While selecting Kerbores authentication in CMC -> Authentication -> Windows AD I am getting error "Kerboers target BICMS/biservice.abc.com in unknwon (FWM 00003).



I have installed wireshark as well but getting -





Can anyone have idea how do i resolve this ?


Thanks for your help.


With Regards,

Rishit Kamdar

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member189884
Contributor
‎03-02-2015 12:51 PM
0 Kudos

The domain name in the CMC is case sensitive. be sure you are using upper case in both the krb5.ini file and the CMC.

Are you able to log into the manage servers option in the CCM using the AD account?

You can reference KBA 1631734 - Configuring Active Directory Manual Authentication and SSO for BI4

Show replies
Show replies
Former Member
‎03-02-2015 1:23 PM
0 Kudos

Hey guys,

Thanks for your reply.

I just resolved the issue.

It was due to case-sensitive reason.

Thanks.

Answers (2)

Answers (2)

Former Member
‎03-04-2015 2:00 PM
0 Kudos

Dear All,

I am able to login to Manage Server with AD User and AD Authentication as well as WebI tool.

I am also able to login to CMC & BI Launch Pad with AD User & AD Authentication (Wtih Manual login - right now don't want SSO for Launch Pad & CMC)

BUT ----

I am not able to login to IDT as well as not able to connect to BOBJ Server through swf file.

Can anyone suggest what I am missing ?

Show replies
Show replies
Former Member
‎03-05-2015 10:12 AM
0 Kudos

Dear All,

I resolved IDT issue by modifying InformationDesignTool.ini file.

But anyone have idea for swf files ? Is there any .ini file get called while executing swf files ?

former_member926196
Active Participant
‎03-02-2015 1:09 PM
0 Kudos

Hi Rishit,

Change the default AD Domain to upper case : ABC.COM and also make sure there are no extra spaces in the service principal name box.

-Ambarish-

Show replies
Show replies
Ask a Question