SAP Knowledge Base Article - Preview

1558899 - Active Directory Authentication failed to verify the mapped groups. If the problem persists, please delete and re-map into BusinessObjects Enterprise all currently mapped groups

Symptom

  • Active directory users are not populating under CMC AD groups but able to see under CMC users list. When refresh users list under AD group, it throws an error "Active Directory Authentication failed to verify the mapped groups. If the problem persists, please delete and re-map into BusinessObjects Enterprise all currently mapped groups"
  • When checking for cmc users list under AD groups, did not able to locate Active directory users. But we can able to see them under users list.
  • When trying to login desktop intelligence and designer, it is throwing "Internal error".
  • In the CMC trace the following was found
2011/02/14 19:54:57.412|==| | | 5060|2644| |||||||||||||||WINAD: CAccountEntity::BindIADs() called with a path of CN=customerCN,OU=Groups,OU=X_Disabled_Cleanup,DC=customerDC,DC=customerDC 
2011/02/14 19:54:57.428|==| | | 5060|2644| |||||||||||||||WINAD: CAccountEntity::PopulateProps() -- Could not determine type: objectClass=group, sAMAccountType=536870913
2011/02/14 19:54:57.428|==| | | 5060|2644| |||||||||||||||WINAD: ADAccountFactory::GetFromSid() -- Could not initialize account.
2011/02/14 19:54:57.428|==| | | 5060|2644| |||||||||||||||WINAD: ADAggregationManager::UpdateGraph() -- Error populating cache.
2011/02/14 19:54:57.428|==| | | 5060|2644| |||||||||||||||WINAD: ADUpdateThread::run() -- Failure updating the graph.
2011/02/14 19:54:57.428|==| | | 5060|2644| |||||||||||||||WINAD: CADGraphKeeper::GraphIsCurrent() -- No graph.  Returning false.
We concluded from this that a group (which sid was identified in the same thread earlier) that the group had been disabled or modified so that the CMS could no longer read it's members, causing the graph to fail and the subsequent symptoms described above
2011/02/14 19:54:57.397|==| | | 5060|2644| |||||||||||||||WINAD: ADAccountFactory::GetAccount() called for S-1-5-21-customer sid
2011/02/14 19:54:57.397|==| | | 5060|2644| |||||||||||||||WINAD: ADAccountFactory::GetFromSid() -- Sid not found in cache: S-1-5-21-customer sid
2011/02/14 19:54:57.397|==| | | 5060|2644| |||||||||||||||WINAD: CAccountEntity::BindIADsToLDAPFromSid() -- called with a sid of S-1-5-21-customer sid


Read more...

Environment

  • Business objects XI 3.1, XI 3.1 SP2, SP3, this could appear in all versions of XI 3.x
  • It's possible similar could be found in XIR2 but the logging was different and the specics would change.

Product

SAP BusinessObjects Enterprise XI 3.1

Keywords

zie Active Directory Authentication failed to verify the mapped groups. If the problem persists, please delete and re-map into BusinessObjects Enterprise all currently mapped groups,internal error,bad AD group , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.