
1199995 Error the Active Directory Authentication Plug in Could Not Authenticate at This Time FQDN Registry Key


SAP Knowledge Base Article

Symptom

- This setting should be considered a Best Practice for all multi domain and multiple forest environments.
- Mapping a group from another domain is successful but fails to authenticate a user from this domain, and the following error message appears:
  "The Active Directory Authentication plug in could not authenticate at this time. Please try again. If the problem persists, please contact your system administrator."
- Unable to map groups from 1 or more domains
- Unable to map groups from 1 or more AD forests in XI 3.1
- Intermittent problems with Active Directory
- Users are not showing proper group membership (view user groups shows only everyone or less than the total groups the user belongs to in AD)
- Any suspected DNS issues with the AD plugin
- CMS logs show errors binding to a domain controller(s)

Reproducing the Issue

Issue can occur in ce8 - BI 4.x when Active Directory authentication is being used.

 

Cause

- The Central Management Server (CMS) is not able to bind to the domain controller without using the FQDN.
- The CMS has 2 options for domain resolution: via hostname (default), or via FQDN (using this solution).

More Information

- This boolean key determines whether the Active Directory (AD) Authentication plug in binds to servers (both Global Catalogs and Domain Controllers) by using the FQDN (Fully Qualified Domain Name) or the "short" NetBIOS name.

- For example, if set to 'True', it might bind to a GC using the name "vanaddc02.crystald.net". If 'False' though, it would bind using the short name "vanaddc02". This is necessary as some valid AD environments will result in slow DNS queries if the FQDN is not used.

Resolution

WARNING: The following resolution involves editing the registry. Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall the Microsoft Windows operating system.

Use the Registry Editor at your own risk. It is strongly recommended that you make a backup copy of the registry files before you edit the registry. For information on how to edit the registry key, view the 'Changing Keys And Values' online Help topic in the Registry Editor (Regedit.exe).

Refer to Note 1323322 for more information.

 

1. Create the following registry String Value on the CMS machine:

XIR2

HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects\Suite 11.5\Enterprise\Auth Plugins\secWinAD\UseFQDNForDirectoryServers

XIR3

HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects\Suite 12.0\Enterprise\Auth Plugins\secWinAD\UseFQDNForDirectoryServers

64-bit - HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Business Objects\Suite 12.0\Enterprise\Auth Plugins\secWinAD\UseFQDNForDirectoryServers

XI4

HKEY_LOCAL_MACHINE\SOFTWARE\SAP BusinessObjects\Suite XI 4.0\Enterprise\Auth Plugins\secWinAD\UseFQDNForDirectoryServers

2. Set its value to 'True', then restart the CMS/SIA for the change to take effect.

NOTE:

- This key does not exist by default. If it is not set, the AD Authentication plugin assumes a value of 'false' (0).
- To confirm that the key is being read, check that you see something similar to the following in the CMS trace logs:
  - WINAD: ADRegistry::ReadKeys() -- Reading secWinAD/UseFQDNForDirectoryServers
  - WINAD: ADRegistry::ToBoolean() -- Parsed True as true.
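The resolution steps and the trace-log check above, as a PowerShell script. This is an added example, not part of the SAP note. The release labels, the backup file name and the `-TraceLog` parameter are assumptions made for illustration; the registry paths, value name and log strings are the ones quoted in the article.

```powershell
#Requires -RunAsAdministrator
param(
    [ValidateSet('XIR2', 'XIR3', 'XIR3-64bit', 'XI4')]
    [string]$Release = 'XI4',      # assumption: labels chosen for this example
    [string]$TraceLog              # assumption: path to a CMS trace log on this machine
)

# Key paths as listed in the article; the last path segment there is the value name.
$keys = @{
    'XIR2'       = 'HKLM:\SOFTWARE\Business Objects\Suite 11.5\Enterprise\Auth Plugins\secWinAD'
    'XIR3'       = 'HKLM:\SOFTWARE\Business Objects\Suite 12.0\Enterprise\Auth Plugins\secWinAD'
    'XIR3-64bit' = 'HKLM:\SOFTWARE\Wow6432Node\Business Objects\Suite 12.0\Enterprise\Auth Plugins\secWinAD'
    'XI4'        = 'HKLM:\SOFTWARE\SAP BusinessObjects\Suite XI 4.0\Enterprise\Auth Plugins\secWinAD'
}
$valueName = 'UseFQDNForDirectoryServers'
$key = $keys[$Release]

# Refuse to write if the parent "Auth Plugins" key is missing: wrong release or bitness.
if (-not (Test-Path (Split-Path $key))) {
    throw "Parent key not found for $Release. Check the release and 32/64-bit path."
}

if (Test-Path $key) {
    # Back up the existing key before editing, as the article recommends.
    $backup = Join-Path $env:TEMP 'secWinAD-backup.reg'   # constructed file name
    reg.exe export ($key -replace '^HKLM:', 'HKLM') $backup /y | Out-Null
    Write-Host "Backup written to $backup"
} else {
    New-Item -Path $key | Out-Null
}

# Step 1 and 2: create the String value and set it to 'True' (-Force overwrites).
New-ItemProperty -Path $key -Name $valueName -PropertyType String -Value 'True' -Force | Out-Null
$current = (Get-ItemProperty -Path $key -Name $valueName).$valueName
Write-Host "$valueName = $current. Restart the CMS/SIA for the change to take effect."

# Verification after the restart: the ReadKeys line for this value should be
# followed closely by the ToBoolean line that reports the parsed result.
if ($TraceLog) {
    $hits = Select-String -Path $TraceLog -SimpleMatch "Reading secWinAD/$valueName" -Context 0,2
    $ok = $hits | Where-Object { $_.Context.PostContext -match 'ToBoolean\(\) -- Parsed True as true' }
    if ($ok) { Write-Host 'Trace log confirms the key was read as true.' }
    elseif ($hits) { Write-Warning 'Key was read, but not parsed as true. Check the value.' }
    else { Write-Warning 'No ReadKeys entry found. Confirm tracing is on and the CMS was restarted.' }
}
```

The article says to expect "something similar" to these log lines, so a missing match on a given build is a prompt to read the trace by hand, not proof that the setting was ignored.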

    1199995 - Error: "The Active Directory Authentication plug in could not authenticate at this time" (FQDN registry key)

Version   11     Validity: 04.12.2013 - active   Language   English


Keywords

multiple domain, transitive domain , 4096226, second domain, non default domain, non-default use fqdn registry key AD windows active directory

Header Data

Product

Released On: 04.12.2013 00:37:16

Release Status: Released to Customer

Component: BI-BIP-AUT Authentication, ActiveDirectory, LDAP, SSO, Vintela

Priority: Normal

Category: Problem

Product Product Version

SAP BusinessObjects Business Intelligence platform BOBJ ENTERPRISE XI R2

SAP BusinessObjects Business Intelligence platform 4.0

SAP BusinessObjects Business Intelligence platform 4.0, feature

SAP BusinessObjects Enterprise XI 3.0

SAP BusinessObjects Enterprise XI 3.1