on 10-17-2008 4:51 PM
Hello,
After reading all the post concerning the topic i didn't manage to solve the issue
I am able to connect with com product usind AD auth, the kinit command is also OK
I have checked the CAPS in both ini files and in the CMC
any idea?
thank you
What is not working?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you for the help . I will log a case
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
child domain?
all domains?
What did you enter in the CMC/Service Principal Name?
Have you added debug=true to the bsclogin? If so what is the error in the java logs (tomcat = tomcat55\logs\std.out)?
If kinit works and tomcat is using a good bsclogin/krb5.ini you should see a commit succeeded for every attempt (= successful kinit)
If you have that and it is failing we will have to add a deeper level of tracing in XI 3.x
Regards,
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello here are information and the stdout file
bscLogin.conf
com.businessobjects.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required debug=true;
};
krb5.ini
.dev-test-visa.lan = DEV-TEST-VISA.LAN
dev-test-visa.lan = DEV-TEST-VISA.LAN
default_realm = DEV-TEST-VISA.LAN
dns_lookup_kdc = true
dns_lookup_realm = true
DEV-TEST-VISA.LAN = {
admin_server = DC-W2K3
kdc = DC-W2K3
default_domain = DEV-TEST-VISA.LAN
}
the kinit command return a correctly generated ticket
In CMC:
Nom adminitrateur principal :Administrateur
SETSPN Command: SETSPN BOE120SIADCW2K3/DC-W2K3 Administrateur
where BOE120SIADCW2K3 is the name of the BOE service and DC-W2K3 is the server name
The environment is a VM configured with AD2003 and single Domain
STDOUT FILE:
20 oct. 2008 10:27:45 org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:WINDOWSsystem32;C:Program FilesBusiness ObjectsBusinessObjects Enterprise 12.0win32_x86;C:winnt
20 oct. 2008 10:27:45 org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initialisation de Coyote HTTP/1.1 sur http-8080
20 oct. 2008 10:27:45 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1218 ms
20 oct. 2008 10:27:45 org.apache.catalina.core.StandardService start
INFO: Démarrage du service Catalina
20 oct. 2008 10:27:45 org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.20
20 oct. 2008 10:27:45 org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax).
log4j:WARN Please initialize the log4j system properly.
2008-10-20 10:28:12,703 ERROR com.businessobjects.qaaws.internal.ServiceProvider () 3500 - initInstance()
org.apache.axis2.AxisFault: Your Web Intelligence session is invalid or has reached timeout. Log out and log in again to Query as a Web Service.
at com.businessobjects.dsws.DSWSExceptionFactory.CreateAxisFault(Unknown Source)
at com.businessobjects.qaaws.internal.BOEHelper.logon(Unknown Source)
at com.businessobjects.qaaws.internal.ServiceProvider.initInstance(Unknown Source)
at com.businessobjects.qaaws.internal.transport.QaaWSServlet.initServiceProvider(Unknown Source)
at com.businessobjects.qaaws.internal.transport.QaaWSServlet.init(Unknown Source)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3951)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4225)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:608)
at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
Initializing Performance Management
done (4562)
Initializing Performance Manager
done (156)
20 oct. 2008 10:29:02 org.apache.catalina.core.ApplicationContext log
INFO: action: Initializing configuration from resource path /WEB-INF/struts-config.xml
register('-//Apache Software Foundation//DTD Struts Configuration 1.0//EN', 'jar:file:/C:/Program%20Files/Business%20Objects/Tomcat55/webapps/Xcelsius/WEB-INF/lib/struts.jar!/org/apache/struts/resources/struts-config_1_0.dtd'
register('-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN', 'jar:file:/C:/Program%20Files/Business%20Objects/Tomcat55/webapps/Xcelsius/WEB-INF/lib/struts.jar!/org/apache/struts/resources/web-app_2_2.dtd'
register('-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN', 'jar:file:/C:/Program%20Files/Business%20Objects/Tomcat55/webapps/Xcelsius/WEB-INF/lib/struts.jar!/org/apache/struts/resources/web-app_2_3.dtd'
resolveEntity('-//Apache Software Foundation//DTD Struts Configuration 1.0//EN', 'http://jakarta.apache.org/struts/dtds/struts-config_1_0.dtd')
Resolving to alternate DTD 'jar:file:/C:/Program%20Files/Business%20Objects/Tomcat55/webapps/Xcelsius/WEB-INF/lib/struts.jar!/org/apache/struts/resources/struts-config_1_0.dtd'
New org.apache.struts.action.ActionMapping
Set org.apache.struts.action.ActionMapping properties
New org.apache.struts.action.ActionForward
Set org.apache.struts.action.ActionForward properties
Call org.apache.struts.action.ActionMapping.addForward(ActionForward[default])
Pop org.apache.struts.action.ActionForward
Call org.apache.struts.action.ActionServlet.addMapping(ActionMapping[path=/Flash_FlashVars/flashvarsEdit, type=com.businessobjects.clientaction.flash.flashvars.FlashVarsEditAction])
Pop org.apache.struts.action.ActionMapping
register('-//Apache Software Foundation//DTD Struts Configuration 1.0//EN', 'jar:file:/C:/Program%20Files/Business%20Objects/Tomcat55/webapps/Xcelsius/WEB-INF/lib/struts.jar!/org/apache/struts/resources/struts-config_1_0.dtd'
register('-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN', 'jar:file:/C:/Program%20Files/Business%20Objects/Tomcat55/webapps/Xcelsius/WEB-INF/lib/struts.jar!/org/apache/struts/resources/web-app_2_2.dtd'
register('-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN', 'jar:file:/C:/Program%20Files/Business%20Objects/Tomcat55/webapps/Xcelsius/WEB-INF/lib/struts.jar!/org/apache/struts/resources/web-app_2_3.dtd'
Call org.apache.struts.action.ActionServlet.addServletMapping(DocumentDownload/java.lang.String,/opendoc/documentDownload/java.lang.String)
20 oct. 2008 10:29:02 org.apache.catalina.core.ApplicationContext log
INFO: action: Process servletName=DocumentDownload, urlPattern=/opendoc/documentDownload
Call org.apache.struts.action.ActionServlet.addServletMapping(action/java.lang.String,*.do/java.lang.String)
20 oct. 2008 10:29:02 org.apache.catalina.core.ApplicationContext log
INFO: action: Process servletName=action, urlPattern=*.do
20 oct. 2008 10:29:02 org.apache.catalina.core.ApplicationContext log
INFO: action: Mapping for servlet 'action' = '*.do'
20 oct. 2008 10:29:02 org.apache.catalina.core.ApplicationContext log
INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: [org.apache.webapp.balancer.RuleChain: , , ]
20 oct. 2008 10:29:02 org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
20 oct. 2008 10:29:02 org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
20 oct. 2008 10:29:03 org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
20 oct. 2008 10:29:03 org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
20 oct. 2008 10:29:03 org.apache.coyote.http11.Http11BaseProtocol start
INFO: Démarrage de Coyote HTTP/1.1 sur http-8080
20 oct. 2008 10:29:04 org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
20 oct. 2008 10:29:04 org.apache.catalina.startup.Catalina start
INFO: Server startup in 78391 ms
OK so like most AD cases there could be multiple issues. Lets start with what we know
admin_server = DC-W2K3
kdc = DC-W2K3
default_domain = DEV-TEST-VISA.LAN
}
admin server - not needed
KDC should = FQDN maybe DC-W2K3.DEV-TEST-VISA-LAN
also add udp_preference_limit = 1 in the libdefaults section - best practice
but if you are getting tickets these are not your problems just FTI.
the problem seems that your bsclogin is not being read properly. There is no error in 3.x as the tomcat logging mechanism has changed a bit. Instead follow the XI 3.0 admin guide for setting up vervose tracing. Our answers shoud be there
Some things to quickly check are
Are the java options specified correctly?
try creating a new bsclogin (be sure there is no formatting is use ansi)
make sure no typos or that your text editor didn't append a .txt to the file
If none of the above then we will need to check out the verbose logs.
The reason I don't think the bscloging is loading is because you would at least see the logon attempt in the java logs (pass or fail) once you add debug=true to the bsclogin. There are no login attempts in your log (format would be principa user@REALM followed by the commit succeeded - krb5.ini works or error message krb5.ini failed)
I always recommend opening a message with support - authentication team to get an engineer working on it and provide an escalation path. I'll try to help via forums but there could be many possible issues.
Regards,
Tim
Hello tim, if i change the KDC from DC-W2K3 to DC-W2K3.DEV-TEST-VISA-LAN the kinit command doesn't work anymore
so i have reset to DC-W2K3
i have set the java options
-Djava.library.path=C:\WINDOWS\system32\;C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\;C:\winnt\
-Djava.security.auth.login.config=C:\winnt\bscLogin.conf
-Djava.security.krb5.conf=C:\winnt\krb5.ini
-Dcrystal.enterprise.trace.configuration=verbose
-Djcsi.kerberos.debug=true
-Dcatalina.base=C:\Program Files\Business Objects\Tomcat55\
-Dcatalina.home=C:\Program Files\Business Objects\Tomcat55\
-Djava.endorsed.dirs=C:\Program Files\Business Objects\Tomcat55\common\endorsed\
-Dbobj.enterprise.home=C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\
-Xrs
-XX:MaxPermSize=256M
-Dbusinessobjects.olap.bin=
-Dbusinessobjects.olap.stylesheets=C:\Program Files\Business Objects\OLAP Intelligence 12.0\stylesheets\
-Djava.awt.headless=true
ans as following the doc for the trace
-Dcrystal.enterprise.trace.configuration=verbose
-Djcsi.kerberos.debug=true
but there is no logfile under C:\Documents and Settings\Administrateur\.businessob
jects\jce_verbose.log
again message= best route,
it does require a logon attempt to create the log
also try starting tomcat with a local admin account (the directory will change to be the user profile directory instead
unless we get that log to give an actual error or unless you see logon attempts in the std.out then I can't provide any more help. There's nothing for me to go on...
-Tim
User | Count |
---|---|
84 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.