SAP Knowledge Base Article - Preview

1665526 - Users outside of the Default AD forest cannot login to Business Objects Client tools


    • When a user from outside the default AD forest attempts to login to CCM>Manage Servers as DOMAIN\username they get the following error: "Internal error"
    • The same user receives the following error in the WEBI Rich Client: Logon failure due to an internal error.
    • The same user receives the following error in the Universe Designer: Your login ID is not valid. 

                                                                                                      [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Internal error.(hr=#0x80042a01)

Note: Users from the default domain or default forest are successfully able to login to CCM>Manage Servers and all the other client tools.


Wireshark capture on the CMS box while a user from remote forest attempts to login to CCM>Manage Servers shows the following error:

2510 32.887111 KRB5 KRB Error: KRB5KDC_ERR_POLICY NT Status: Unknown error code 0xc0000413

MSG Type: KRB-ERROR (30); error_code: KRB5KDC_ERR_POLICY (12)

CMS trace shows the following:

2011/10/13 22:20:37.140|==| | |12200| 700| |||||||||||||||WinAD: AcceptKerbLogin returned DENIED

2011/10/13 22:20:37.140|==| | |12200| 700| |||||||||||||||WinAD: AcceptKerbLogin failed: 3

2011/10/13 22:20:37.140|==| | |12200| 700| |||||||||||||||WinAD: AcceptKerbLogin() failed with code 3




SAP Business Objects Enterprise XI 3.1

Multiple Active Directory Forests


SAP BusinessObjects Enterprise XI 3.1


Internal error ccm manage servers windows ad , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.