- SSO suddenly starts failing for all users, and they are left at a login screen
- In the stderr with -Dcjsi.kerberos.debug=true we see "com.crystaldecisions.sdk.exception.SDKException$InvalidArg: The argument has an invalid value null (FWM 02024)" To note this error is very generic, the ones below can verify the issue better
- Web application logs (following KBA 1613472) show the error below
- NEW! to have your web application logs deciphered automatically for you please upload them to the new Support Log Assistant (SLA)
"LoginContext failed. Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosError: Message stream modified"
Error code: 41
Server name: BICMS/SPN
Server realm: EXAMPLEREALM.COM
- Vintela logs contain no errors following KBA 2684843
- Client packet scans contain no errors following KBA 1969914
- Packet scans on the web application server will show KRB Error: KRB5 KRB_AP_ERR_MODIFIED on TGS request for the CMC service principal name
- this error is also mentioned in KBA 2820819 but so far the previous solutions have failed
- Manual logon is working for all users both in client tools and web applications
- SAP BusinessObjects Business Intelligence Platform 4.2 (all SPs) probably will affect 4.3 as well
- Windows server version 2012, 2016, and 2019 all supported server versions
- Important to note the issue is being caused by domain controllers not BI servers
bip bi 4.x 4.* 4.2 4.3 bi4.x bi4.* bi4.2 bi4.3 vintela ventila vintella ventela set up Active Directory single sign on sign-on slient automatic opendocument error fail Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure that you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006) (FWM 00005) jcsi.kerberos: Could not decrypt service ticket with Key type ##, KVNO ##, Principal "HTTP/XXX.YYY.ZZZ" using key:Principal username@REALM.COM - delegation error secwinad winad , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.