1665526 - Users outside of the Default AD forest cannot login to Business Objects Client tools

• When a user from outside the default AD forest attempts to login to CCM>Manage Servers as DOMAIN\username they get the following error: "Internal error"
• The same user receives the following error in the WEBI Rich Client: Logon failure due to an internal error.
• The same user receives the following error in the Universe Designer: Your login ID is not valid. 

                                                                                                      [repo_proxy 13] SessionFacade::openSessionLogon with user info has failed(Internal error.(hr=#0x80042a01)

Note: Users from the default domain or default forest are successfully able to login to CCM>Manage Servers and all the other client tools.

Wireshark capture on the CMS box while a user from remote forest attempts to login to CCM>Manage Servers shows the following error:

2510 32.887111 10.97.34.82 10.97.54.243 KRB5 KRB Error: KRB5KDC_ERR_POLICY NT Status: Unknown error code 0xc0000413

MSG Type: KRB-ERROR (30); error_code: KRB5KDC_ERR_POLICY (12)

CMS trace shows the following:

2011/10/13 22:20:37.140|==| | |12200| 700| |||||||||||||||WinAD: AcceptKerbLogin returned DENIED

2011/10/13 22:20:37.140|==| | |12200| 700| |||||||||||||||WinAD: AcceptKerbLogin failed: 3

2011/10/13 22:20:37.140|==| | |12200| 700| |||||||||||||||WinAD: AcceptKerbLogin() failed with code 3

SAP Business Objects Enterprise XI 3.1

Multiple Active Directory Forests

Internal error ccm manage servers windows ad , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem