':' in SQL Format causes analysis auth failure

Hi,
When running a SEM-BPS planning folder it fails due to analysis authorisation errors. On doing a trace it fails as the SQL Format has PLANT = ':' and SALESORG = ':'. These values are not within the analysis auths set-up.
Talking to the SEM-BPS person here they don't know how those got into the query.
Any ideas how we can get round this?
Thanks,
Nick.

hello,
does oracle showing any errors in user_scheduler_job_run_details for this job ? I would advise try inserting some debug statement to identify where exactly its stuck. Also please check sample configurations syntax for user_scheduler_jobs.
Cheers
Sush

Similar Messages

  • Authorization log / Hierarchy node in SQL format

    Hi!
    I execute rsudo on a restricted user and the authorization log tells me that this fails because the user is not authorized for "Content(in SQL format): Node 5 8 0 31 E"
    Now how do I translate this sql format into something I can read? I've looked through the hierachy tables for the relevant characteristic but I can only identify 31 as the hierarchy sid and E as the version.

    Vice -
    We had to do basically the same thing for 0CRM_TR hierarchy, but our steps were a little different since we are on BI 7.0 - 2004S.
    We also had to limit the users visibility to data from certain nodes and below on the hierarchy. 
    1st, we made the 0CRM_TR object auth releveant. 
    2nd, we created an analysis authorization for the object via transaction code RSECADMIN.  In the transaction we had to specify the Hierarchy variable name that would be used in Queries.  We then selected the node (GUID) where we wanted the authorizaion to take place.  We set the Type Auth to 1(subtree and below) and Hierarchy Validity Area as 2(Name Identical).  We set it to 2 since the Hierarchy would always be loaded in the same name.

  • SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x80004005. An OLE DB record is available. Source: "Microsoft OLE DB Provider for SQL Server 2012 Analysis Services." Hresult: 0x80004005 Description: "Internal error: An une

    SSIS Error Code DTS_E_OLEDBERROR.  An OLE DB error has occurred. Error code: 0x80004005.  An OLE DB record is available.  Source: "Microsoft OLE DB Provider for SQL Server 2012 Analysis Services."  Hresult: 0x80004005
     Description: "Internal error: An unexpected error occurred (file 'pcxmlacommon.cpp', line 43, function 'PCFault::RaiseError').
    I'm getting above error in the pre- execute phase of a DFT when I'm trying to fetch data from a SSAS cube using mdx query.
    I'm using OLE DB provider for connecting to cube.
    I got one resolution for Error Code 0X8004005, which asked me to add 'Format= Tabular' in cube's connection string. It does not seem to work either. Can any one help me out on this???

    You are probably missing an update.
    I saw a MS Connect post https://connect.microsoft.com/SQLServer/feedback/details/250920/error-using-oledb-or-datareader-to-get-analysis-services-data where that suggestion was proposed as a fix, but is for an older SQL Server version.
    So do there is a question if you pull data from SQL Server 2012 SSAS using SSIS 2012 (so no other build is involved).
    Arthur My Blog

  • ISE - Periodic Dynamic Auth Failures

    I am running into an issue where I get a handful of Dynamic Auth Failure errors in ISE. In the results it's showing a CoANAK and the error cause is 200. In the steps it's showing:
    11204 Received reauthenticate request
    11220 Prepared the reauthenticate request
    11100 RADIUS-Client about to send request
    11101 RADIUS-Client received response
    Which shows successful communications between ISE and the NAD. When I look at the logs for Radius Authentication for one of the hosts I see it pass MAB with one session ID then Dynamic Auth CoA Fail then pass dot1x with a different session ID.
    I was reading up on the Dynamic Auth RFC (http://tools.ietf.org/html/rfc5176) and in Section 3.5 it states:
    "Values 200-299 represent successful completion, so that these values may only be sent within CoA-ACK or Disconnect-ACK packets and MUST NOT be sent within a CoA-NAK or Disconnect-NAK packet."
    Am I missing something here? Is anyone else having this issue?

    All Cisco Phones. Switches are 4510's running 03.02.03
    Here's a sample port config:
    interface GigabitEthernetX/X/X
    switchport access vlan XX
    switchport mode access
    switchport voice vlan XX
    srr-queue bandwidth share 10 10 60 20
    queue-set 2
    priority-queue out
    authentication event fail action next-method
    authentication host-mode multi-auth
    authentication open
    authentication order mab dot1x
    authentication priority dot1x mab
    authentication port-control auto
    mab
    mls qos trust device cisco-phone
    mls qos trust cos
    dot1x pae authenticator
    dot1x timeout tx-period 10
    spanning-tree portfast
    spanning-tree guard root
    service-policy input AutoQoS-Police-CiscoPhone
    end
    No I don't see multiple session id's for the same user. We are using EAP-TLS and cert auth.
    Server keys are good. I've debugged a couple of these. Only thing I could find was the session ID is different between mab and dot1x.

  • Prime 2.0: User Auth Failure Count

    Hello
    In Prime 2.0, on the Home page> General, you can view dashlets showing various bits of information.
    One of those available is User Auth Failure Count and I am trying to establish what this table is showing me and if I can get this information out of Prime in a CSV format for example, in order to do some correlation with RADIUS logs.
    I want to establish whether the users being reported as having an auth failure are actually managing to get onto the network eventually, or whether we have an authentication problem we need to tackle.
    The only reference in Cisco documentation I have found to date says the following, which is not helpful to me:
    "User Auth Failure Count
    This dashlet displays a chart which shows user authentication failure count trend over time.  "
    Does anyone know if this information is exportable somehow?
    thanks
    Bryn

    Hi Scott
    I agree with your point that the historical data is available via MSE, but I now come round to my first question, which is how do I get to the data from Prime?
    I cannot find a report to run to get the Failed Auth User Count data, although it must be there for the information to be populating the dashlet
    I think I will have to try our Cisco contact
    thanks
    Bryn

  • Auth Failure Traps

    After i changed snmp strings on our network devices , I see a list of devices with Auth Failure Traps on Syslog server.
    Ive check the snmp credential strings on CW for each device and they're correct.
    This is the error message on my syslog server:
    mm-dd-yyyy    11:23:16    Local0.Info    10.1.1.1    10.1.1.2.150 4 0  Authentication failure 10.1.1.254(CiscoWorks) 1 10.1.1.254(CiscoWorks)
    This message wasnt there before i re-new the snmp community string. After I chnage the snmp string on my routers and switches, I a lots of traps on my syslog server.
    How can I stop this?
    Thank you for your help
    Thanks

    Hi Joe,
    The root cause of authentication failure messages was due to dfmserver. When I stop it, the message disappeared.
    Process:
    DfmServer
    Path:
    C:\PROGRA~1\CSCOpx\objects\smarts\bin\CS_sm_server.exe
    Flags:
    Startup:
    Started automatically at boot.
    Dependencies:
    DfmBroker
    Before applying the patch, when I shutdown dfmserver, I could still see the polling. After applying the patch, the polling stop.
    There are only 2 patches for DFM. I have also applied fix CSCta56151.
    Patches installed
    Patch Name
    Version
    Installed Date
    CSCtb87449-0
    0
    02 Mar 2010, 11:28:07 WST
    CSCta56151-0
    0
    04 Mar 2010, 14:18:46 WST
    Any more tips Joe?

  • Pound sign (#) in auth failure in BI

    We get a pound sign in an RSSM trace of an auth failure.  It is related to a profit center hierarchy.
    When we grant a different hierarchy, there is no auth failure, but the pound sign still shows up in the trace, just with a green light.
    What might cause this?  Is it wise to grant the pound sign, or does it signify a data problem?

    Hello,
    Pound sign minds unassigned hierarchie value.
    The value displayed on the report cannot be assigned to a hierarchie node.
    If the light is green : No problem
    Did you read the following guide : How Tou2026 Work With Hierarchy Authorizations.pdf ?
    Hope this helps

  • DirectoryService reports mysterious auth failures

    My console log is full of log messages like ones included below. I would love to know where they come from, so I can fix whatever is wrong.
    I don't think that there is someone trying to break in, as I don't see corresponding failed ssh connections, or any errors in the afp / smb logs. I do see some break in attempts over ssh, but they don't correspond to the events / names reported for these errors in the console. The user names below also only match local users, and if this had been break in attempts, I wouldn't expect them to know the exact names of all my users. I also don't think that this problem is caused by the connecting LAN clients, as I also see the error for the admin & root accounts.
    To me it seems that some local service / facility is not configured correctly, but I'm at loss as to how to track this down.
    I'm running Mac OS X Server 10.4.3, and have the following things enabled:
    ssh, ard, afp, smb, httpd+webdav (for iCal sharing).
    ===============================================
    Nov 22 15:21:33 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: mikael.
    Nov 22 15:26:10 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: root.
    Nov 22 17:38:59 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: root.
    Nov 22 17:45:19 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: admin.
    Nov 22 17:48:04 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: joar.
    Nov 22 17:50:15 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: david.
    Nov 22 17:52:27 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: johan.
    Nov 22 17:54:38 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: fredrika.
    Nov 22 17:56:50 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: tove.
    Nov 22 17:59:02 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: mikael.
    Nov 22 18:53:47 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: admin.
    Nov 22 18:53:47 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: joar.
    Nov 22 22:34:15 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: mikael.
    Nov 22 23:33:35 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: root.
    Nov 22 23:41:23 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: admin.
    Nov 22 23:44:28 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: joar.
    Nov 22 23:47:36 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: david.
    Nov 22 23:50:32 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: johan.
    Nov 22 23:52:32 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: fredrika.
    Nov 22 23:54:32 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: tove.
    Nov 22 23:56:36 server DirectoryService[41]: Failed Authentication return is being delayed due to over five recent auth failures for username: mikael.
      Mac OS X (10.4.3)  

    Hi,
    I've seen this as well and I think the cause is someone trying to use either Server Admin or Server Monitor without the correct credentials on that server.
    I haven't verified this, but I had a colleague reenter the username and password in both of these programs on his machine and the messages went away on the server.
    Hope that helps.
    Kevin Anderson
    Fairbanks School District
    Fairbanks, Alaska
    20 in iMac G5   Mac OS X (10.4.3)   Many, many Xserves

  • Analysis auth issue

    Hi,
    We have a scenario where we have 2 user IDs:
    X
    Y
    We have a report R1 which has values for an infoobject IO as 1,2,3,4,5
    Now User X is restricted to see only data for values 1,2,3 and Y is restricted for 4,5
    We have created Analysis auth object and assigned it to users. Then we added an auth variable in the report which will restrict data as per user authorization.
    Now the issue is that when we execute the report for User X, only values for 1 is displaying and data for 2 and 3 are not showing up inspite of data being avalable in the underlying Infoprovider.
    Same is the case with User Y where the data is only visible or 4.
    What can be the issue?

    Hi Debanshu,
    Though I could not understand the exact issue, I would rather suggest you to check the authorizations checked while executing the report in Transaction RSECADMIN. In the Transaction goto Analysis tab ->Log Administration. there in the Configure Log recording provide the userid for which you want to test the authorizations And save it.
    When that perticular user runs the report will will be able to see the logs for it using the option "Authorization Logs" screen. And this log will have a detailed information regarding the entire authorization trace for that user for that report.
    Regards,
    Pratap Sone

  • E2E Root cause analysis in solution manager

    Hi
    How to add the E2E root cause analysis, the  new functionality in solution manager 4.0 with the E2E root cause analysis functionality does it require support pack which level of SP required to use the new  functionaltiy
    Regards
    Dinaker vikas

    Hi,
    If you have PI system in your landscape, I would strongly recommend to upgrade to SP15.
    Trace monitoring for PI is to be available from SP17 (Not yet released)
    Check [this Link.|http://service.sap.com/e2e].
    Hope this solves your problem.
    Feel free to revert back.
    --Ragu

  • What is the diff of Solution monitoring and E2E Root cause analysis

    Hi,
    I want to know what is the different for Solution Manager Solution Monitoring and End to End root cause analysis. Currently we have implemented change management and Implementing and Upgrading SAP Solutions, if i would like to explore the solution monitoring, and end to end root cause analysis, what is the steps of configuration i need?
    if i would like to have a check on the system whether is performing well, or setup the functionality of sending alert when system is having problem, which feature would be better? end of end functionality or Solution Monitoring?
    Please advice..
    thanks
    -Fung

    Hi,
    If you have PI system in your landscape, I would strongly recommend to upgrade to SP15.
    Trace monitoring for PI is to be available from SP17 (Not yet released)
    Check [this Link.|http://service.sap.com/e2e].
    Hope this solves your problem.
    Feel free to revert back.
    --Ragu

  • Creation of Analysis Auth from SU21

    Hi All,
    I gave a try to one auth. Just wanted anyone of you to clarify this.
    I created one customised object from SU21, and created the field, which we have used in the Analysis Auth (rsecadmin)  like, Compcode, salesorg, co area, etc.
    I have entered the field values and generated. Now included this in a role for a reporting user which contains the objects s_rs_comp and s_rs_comp1 for which Comp1 given full *.
    Now the test user is able to create the queries based on the restrictions assinged, like company code. But he is not able to execute his own query, where he was given full access. SU53 shows that he doesn't have the access to Execute in S_rs_comp1, where I have maintained * for that.
    Does this mean that, the Charateristics for Analysis Auth will not work if assigned through the objects created from SU21. / or do i need to do something more.
    Can anybody help please.
    Thanks for the help.
    Regards,
    Venkat

    Hi JC,
    The idea given by you is good. I tried, it. But its not working securely.
    I created one analysis auth for all common characteristics. and dvarious for different company codes and controlling areas.
    like grouped the following as one
    Company Code, Controlling Area, Keyfigues.
    I assigned a user a role like this. Take for example ODS A and B. Comp Codes, CC1 and CC2, Controling areas CA1 and CA2.
    assigned the Reporting roles like this. where
    1) ODS A > CC1 (CA ) (KF)
    2) ODS B > CA2 (CC) (KF)
    when checked user is able to see all the controlling areas on ODS B,where i gave him only CA2.
    That is the problem..

  • An account failed to log on unknown username or password. Causing Login audit failures

    I have a SBS11 Essentials server that is getting audit Failures over and over again. There computer account says it's the SBS11 server it's self.  It says unknown user name or bad password. I have checked for scheduled tasks, backup jobs, services and
    non of them are using any special user accounts.  I have used MS network monitor and can't find anything helpful to lead to the issue.  All computers in the network are running Windows 7.  The domain functional level is 2008 R2.
    I get a the 4768 event ID about a Kerberos event and then just after I get a Event ID 4625 account failure with Logon Type 3.  I have includes the events below.  I need to figure what is causing the audit failures as my GFI Test Hacker alert is
    catching it every morning.  Disabling the Test Hacker alert is not a option.  I have used Process Explorer also but can't seem to pin it down.  I also enabled Kerberos logging.
    http://support.microsoft.com/kb/262177?wa=wsignin1.0.  All event codes state its a unknown or no existing account but how do I stop it from happening?
    This is from the System Event log
    A Kerberos Error Message was received:
    on logon session TH.LOCAL\thsbs11e$
    Client Time:
    Server Time: 14:59:53.0000 3/4/2014 Z
    Error Code: 0x6 KDC_ERR_C_PRINCIPAL_UNKNOWN
    Extended Error:
    Client Realm:
    Client Name:
    Server Realm: TH.LOCAL
    Server Name: krbtgt/TH.LOCAL
    Target Name: krbtgt/[email protected]
    Error Text:
    File: e
    Line: 9fe
    Error Data is in record data.
    This is from the Security Event log
    A Kerberos authentication ticket (TGT) was requested.
    Account Information:
    Account Name: S-1-5-21-687067891-4024245798-968362083-1000
    Supplied Realm Name: TH.LOCAL
    User ID: NULL SID
    Service Information:
    Service Name: krbtgt/TH.LOCAL
    Service ID: NULL SID
    Network Information:
    Client Address: ::1
    Client Port: 0
    Additional Information:
    Ticket Options: 0x40810010
    Result Code: 0x6
    Ticket Encryption Type: 0xffffffff
    Pre-Authentication Type: -
    Certificate Information:
    Certificate Issuer Name:
    Certificate Serial Number:
    Certificate Thumbprint:
    Certificate information is only provided if a certificate was used for pre-authentication.
    Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
    I then get teh following error in the next event
    An account failed to log on.
    Subject:
    Security ID: SYSTEM
    Account Name: THSBS11E$
    Account Domain: TH
    Logon ID: 0x3e7
    Logon Type: 3
    Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name:
    Account Domain:
    Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xc000006d
    Sub Status: 0xc0000064
    Process Information:
    Caller Process ID: 0x25c
    Caller Process Name: C:\Windows\System32\lsass.exe
    Network Information:
    Workstation Name: THSBS11E
    Source Network Address: -
    Source Port: -
    Detailed Authentication Information:
    Logon Process: Schannel
    Authentication Package: Kerberos
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

    Well I opened the case for him and he never followed up with Microsoft :-(
    It's a kerberos issue, we're told to ignore it.  Would you be willing to be patient and stubborn and work with CSS to at least understand what's going on better?  I can tell you it's normal with Essentials but not the exact technical reason it's
    happening.
    Unfortunately TechNet isn't coming back, sorry folks :-(

  • Root Cause Analysis - Breakpoints in ABAP

    Gurus ,
    We had this breakpoints in the ECC - datasource extractors which got transported in the  production and I have been given the task to identify the root cause analysis as to why was it not caught in dev,qa and testing.
    can any one share their experience as to how to avoid this negligence and  the additional steps required to ensure this does not happen again ?
    Thanks in advance

    Hi,
    To identify the break points and avoid the transport of breakpoints. U can run the extended program check and there you can find in EPC error in superfluous statements the break points present in ur report.
    Regards,
    Vasanth

  • Finding the Text of SQL Query causing Full Table Scans

    Hi,
    does anyone have a sql script, that shows the complete sql text of queries that have caused a full table scan?
    Please also let me know as to how soon this script needs to be run, in the sense does it work only while the query is running or would it work once it completes (if so is there a valid duration, such as until next restart, etc.)
    Your help is appreciated.
    Thx,
    Mayuran

    Finding the Text of SQL Query Causing Full Table Scan

Maybe you are looking for