SAP Knowledge Base Article - Public

2141819 - Active Directory Single Sign On stopped working after changing service account's password

Symptom

Active Directory Single Sign On (AD SSO) stopped working after the service account's password was changed. When an AD user logs in to BO Launch Pad, the login screen pops up.

Environment

SAP BusinessObjects BI Platform 4.x

Reproducing the Issue

  1. Configure AD SSO for BI 4.x by following KBA 2629070 - How to Securely Integrate BI 4.x with Windows Active Directory and SSO in Distributed Environments - Master KBA and Best Practice.
  2. Verify that an AD user is able to log in to BI Launch Pad without entering a user name and password.
  3. Change the password of the service account on the domain controller.
  4. The AD user is no longer able to log in to BI Launch Pad using SSO; the login screen pops up.

Resolution

IMPORTANT TO NOTE: 

Before changing an AD service account password, ensure that there are no plugin errors when performing an update under CMC > Authentication > Windows AD > Update. Any errors must be fixed before changing the password, or the plugin will be disabled and may need to be reset.

  1. Go to Central Management Console > Authentication > Windows AD. If the service account is used there, enter the new password in AD Configuration Summary, then click the Update button.
  2. Go to Central Configuration Manager and stop the Server Intelligence Agent. Go to Properties > Log On As, enter the new password for the service account, then start the Server Intelligence Agent.
  3. Go to <boinstall\tomcat\webapps\BOE\WEB-INF\config\custom>, open the global.properties file, and update idm.password=serviceaccountpassword with the new password. If global.properties has also been copied into <boinstall\warfiles\webapps\BOE\WEB-INF\config\custom>, replace idm.password=serviceaccountpassword in that copy with the new password as well.
  4. Restart Tomcat.
  • If the service account password is encrypted with a keytab file, recreate the keytab file with the new password, copy the new keytab file to the c:\windows\ directory of the application server, and restart Tomcat.
  • Note that idm.password=serviceaccountpassword in the global.properties file and -Dcom.wedgetail.idm.sso.password=password under Tomcat Configuration > Java > Java option cannot be set at the same time.
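The following check is an added example, not part of the SAP KBA or any SAP tooling. It compares the two global.properties copies from step 3 and flags the case where idm.password and -Dcom.wedgetail.idm.sso.password are both set, without ever printing the password. The function names are hypothetical, and the file contents and the Tomcat Java options are assumed to be passed in as text by the caller.

```python
import hmac

KEY = "idm.password"                          # global.properties key from the KBA
SSO_OPT = "-Dcom.wedgetail.idm.sso.password"  # Java option from the KBA

def parse_properties(text):
    """Minimal .properties reader: skips blank lines and #/! comments and
    splits on the first '=' or ':'. Line continuations are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def check_sso_password_config(tomcat_text, warfiles_text, java_options, new_password):
    """Return findings as strings that never contain a password.
    warfiles_text is None when no copy exists under warfiles."""
    findings = []
    deployed = parse_properties(tomcat_text).get(KEY)
    in_java = any(o.split("=", 1)[0] == SSO_OPT for o in java_options.split())
    if deployed is not None and in_java:
        findings.append("idm.password and the Java option are both set")
    if deployed is None and not in_java:
        findings.append("no password setting found; if a keytab is used, recreate it")
    if deployed is not None and not hmac.compare_digest(
            deployed.encode(), new_password.encode()):
        findings.append("tomcat copy of global.properties has a stale idm.password")
    if warfiles_text is not None and parse_properties(warfiles_text).get(KEY) != deployed:
        findings.append("warfiles copy of global.properties differs from tomcat copy")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    tomcat = "# SSO settings\nidm.password=OldPassw0rd\n"
    warfiles = "idm.password=NewPassw0rd\n"
    opts = "-Xmx2g -Dcom.wedgetail.idm.sso.password=NewPassw0rd"
    for finding in check_sso_password_config(tomcat, warfiles, opts, "NewPassw0rd"):
        print("FINDING:", finding)
```

An empty result means the password settings agree with each other; it does not cover the CMC and Server Intelligence Agent updates in steps 1 and 2.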

See Also

To reset the Windows AD plugin, see the following KBA:

  • 1666484 - How to reset/recreate Windows AD plugin in 4.x.

Keywords

CMC, CCM, SA, pwd, DC, synchronize, break, login page, logon page, logon screen, changing password, incorrect password, SSO not work, KBA, BI-BIP-AUT, Authentication, ActiveDirectory, LDAP, SSO, Vintela, Problem

Product

SAP Crystal Server 2013