MSAD configuration

Hi all, sorry if this is the wrong forum for this question. I am trying to configure a MSAD server with shared services.
I can do it easily with our Hyperion QA server, but in the PROD environment the configuration doesn't go ahead after the user config.
In the group config it just searches for about five minutes, then nothing happens.
If I add the config info from the QA server CSSConfig.xml file to the PROD one and reimport it, is there a possibility that it will work?
There is one more MSAD server already configured to the PROD and MSAD users are configured through native groups.
I want to know: if I import the CSSConfig.xml, will the provisioning of the existing MSAD server users be affected?
Is reimporting the file the same as adding the existing server again? Thanks a lot.

Hi John,
It means there is no need of admin user.
Suppose we create one user ID to query the AD, and after some time we change the password of that user ID; do we need to change the password in Shared Services also?
Thanks in Advance

Similar Messages

  • MSAD Configuration with Shared Services

    Hi,
    I have just successfully configured MSAD to the HFM SS, but one concern is that anyone with a domain user login is able to log in to Shared Services, although limited functions are available. Is there any way to prevent users other than my users from logging in?
    I do not want to use Native to create users as it will mean another set of passwords to remember for the users; I would prefer they use their normal domain account to log in.
    Thanks

    In addition to other comments, users can only make changes in Shared Services if they have Shared services roles assigned. Also, we use MSAD with both local and AD groups, and as long as you know the effective rights, it works out fine either way. The Shared services roles are listed below (Security Administrator's Guide pp 135-136):
    Administrator: Provides control over all products that integrate with Shared Services. It enables more control over security than any other Hyperion product roles and should therefore be assigned sparingly. Administrators can perform all administrative tasks in User Management Console and can provision themselves. This role grants broad access to all applications registered with Shared Services. The Administrator role is, by default, assigned to the admin Native Directory user, which is the only user available after you deploy Shared Services.
    Directory Manager: Creates and manages users and groups within Native Directory. Do not assign to Directory Managers the Provisioning Manager role because combining these roles allows Directory Managers to provision themselves. The recommended practice is to grant one user the Directory Manager role and another user the Provisioning Manager role.
    LCM Manager: Runs the Artifact Life-Cycle Management utility to promote artifacts or data across product environments and operating systems.
    Project Manager: Creates and manages projects within Shared Services.
    Create Integrations: Creates Shared Services data integrations (the process of moving data between applications) using a wizard. For Oracle's Enterprise Performance Management Architect, creates and executes data synchronizations.
    Run Integrations: Views and runs Shared Services data integrations. For Performance Management Architect, executes data synchronizations.
    Dimension Editor (includes Dimension Viewer and Interactive Editor): Creates and manages import profiles for dimension creation. Also, creates and manages dimensions manually within the Performance Management Architect user interface or the Classic Application Administration option. Required to access Classic Application Administration options for Financial Management and Planning using Web navigation. Dimension Viewer can read or view dimensions. This role automatically maps to the Dimension Reader access on dimensions. Interactive Editor can modify members within a dimension, and grants dimension writer access to all dimensions. Does not allow users to delete dimensions. Note: Dimension Viewer and Interactive Editor roles are reserved for future use.
    Application Creator (includes Analytic Services Application Creator, Financial Management Application Creator, Planning Application Creator, External Application Creator): Creates and deploys Performance Management Architect applications. Users with this role can create applications, but can change only the dimensions to which they have access permissions. Required, in addition to the Dimension Editor role, for Financial Management and Planning users to be able to navigate to their product’s Classic Application Administration options. When a user with Application Creator role deploys an application from Performance Management Architect, that user automatically becomes the application administrator and provisioning manager for that application.
    The Application Creator can create all applications.
    The Analytic Services Application Creator can create Generic applications.
    The Financial Management Application Creator can create Consolidation applications and Performance Management Architect Generic applications. To create applications, the user must also be a member of the Application Creators group specified in Financial Management Configuration Utility.
    The Planning Application Creator can create Planning applications and Performance Management Architect Generic applications.
    The External Application Creator can create external views and export application views but cannot export the library. Note: External Application Creator role is reserved for future use.

  • Shared Services hangs after MSAD configuration (9.2.0.2)

    Hi all,
    I am trying to configure MSAD with shared services. I successfully add the MSAD domain and then add it to the search order, being number 2 after native. I then restart HSS. When I go to open HSS or the framework login the whole thing just hangs. HSS does always start correctly. For testing purposes I am restoring the CSS file each time. I have tried 3 different user accounts so I doubt it is a permissions issue.
    I have also tried configuring the MSAD domain, restart HSS, then adding it to the search order and restarting HSS. It made no difference.
    Has anyone seen this before? The same domain has been added to a different instance of HSS on another server (DR) so I can't understand why it is hanging.
    Many thanks in advance,
    Nathan

    After extensive testing with Oracle Hyperion the root cause was running HSS as a service following the configuration with MSAD. The config framework page displayed 9.2.0.2 as the version when it was actually 9.2.0.3 as confirmed by the HSS console. Apparently this problem can happen in 9.2.0.3.
    Just thought I'd let you know the solution.
    Nathan

  • Shared Services MSAD Configuration

    Hi
    Can you please assist, the following error occurs on the Log when configuring MSAD user configuration
    2010-08-25 15:47:45,742 ERROR [http-28080-Processor12] com.hyperion.css.web.config.util.extauth.CSSProperties.getSecurityAgent(Unknown Source) -- Error occured while loading the configuration file
    2010-08-25 15:47:45,758 ERROR [http-28080-Processor12] com.hyperion.css.web.config.util.extauth.CSSProperties.getSsoMode(Unknown Source) -- Error occured while loading the configuration file
    2010-08-25 15:47:45,758 ERROR [http-28080-Processor12] com.hyperion.css.web.config.util.extauth.CSSProperties.getSsoValue(Unknown Source) -- Error occured while loading the configuration file
    Please advise

    I have the exact same error :(

  • MSAD configuration with shared services issue?

    Hi
    I recently configured MSAD with Shared Services, but the problem is that the HFM users are not in the same group in MSAD, so I am not getting all HFM users. So I configured 2 more MSAD groups.
    Now the problem is that while configuring we have to give the user name & password of any user in that group. Here the password changes every 45 days, and it is practically not possible for the administrator to have others' passwords to change every 45 days in Shared Services.
    Is there any other solution for this problem?
    Hyperion 11.1.1.2
    regards
    bharat.tv

    Can you not set up one service account that exists in all the groups and doesn't have its password expiring?
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • MSAD and EPM 11.1.2.1

    Hi,
    I have a question.
    If there is MSAD configured with 11.1.2.1 is it somehow possible for user to change his MSAD password via EPM Workspace?
    Best regards,
    Greg

    Hi,
    Once MSAD is configured, all the credentials are handled from the MSAD server and maintained by the MSAD Administrator only; the user doesn't have the permission to change the password...
    Even the Hyperion Power Administrator doesn't have the permission to touch and alter the MSAD user groups.
    Thanks

  • Security  Access

    Hello All-
    I have an Essbase application and I have MSAD configured with Shared Services. Now I want users to be able to use their MSAD username & password, and at the same time I want to assign users the filter access for the individual application. I have always done it in the Planning application, but I now want to implement the same on just an Essbase application. Now my question is: where should I create my group, in EAS or directly in Shared Services? My guess is that I should create the group in Shared Services, assign it Essbase server access, and then refresh the security via AAS, and I should see the groups in AAS. Once I see the groups there, how can I assign the filter security for the application? Is this something that I need to do directly in AAS? Please advise!
    Thanks!

    Hi,
    Create the group in shared services, give the group the essbase role of "server access" and access to each essbase application.
    Go into EAS, refresh security from shared services for all users.
    Create filters in EAS for the essbase applications.
    In shared services, expand application groups, essbase, right click the essbase application "assign access control", pick the user/group, assign the filter.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • AD authentication against Shared Services failing randomly

    We're seeing random failures in AD authentication against Shared Services both via the Excel Addin and via Maxl scripts.
    SQL server (v 10.50.2500), Shared Services and OHS (v 11.1.2.2.303), and Essbase server (v11.1.2.2.104) are installed on the same physical box (16 cores, 192GB RAM) in a single-server configuration. It happens every few days at no fixed time and is resolved either by itself in a few hours, or by stopping and starting EPM services (Hyperion Foundation Services - Managed Server, OPMN service for Essbase, and OPMN service for OHS are stopped by running <Middleware_Home>\user_projects\epmsystem1\bin\stop.bat, and started by running start.bat).
    While the AD authentication is down, nobody is able to connect (via the Excel Add-in or Maxl scripts) using their AD accounts and get the following error - "Analytical Services user [AD_user1] Authentication Fails against the Shared Services Server with Error [EPMCSS-00301: Failed to authenticate user. Invalid credentials. Enter valid credentials.]". Native authentication works at all times (even when AD authentication fails).
    Although it seems to apply to an older version and to Planning/Workspace, we did look into "Error "EPMCSS-00301: Failed To Authenticate User. Invalid credentials" Intermittently When MSAD User Logs Into Workspace. (Doc ID 1389871.1)". But even after making the suggested changes, the problem persists. Any ideas what might be causing AD authentication to fail randomly like this? Below are some relevant portions of the logs -
    From ESSBASE_ODL.log -
    [2014-01-10T04:41:06.693-05:00] [ESSBASE0] [ERROR:32] [AGENT-1440] [] [ecid: 1388972435616,0] [tid: 6312] Essbase user [hyperion_admin] Authentication Fails against the Shared Services Server with Error [EPMCSS-00301: Failed to authenticate user. Invalid credentials. Enter valid credentials.]
    [2014-01-10T04:41:06.693-05:00] [ESSBASE0] [WARNING:1] [AGENT-1003] [] [ecid: 1388972435616,0] [tid: 6312] Error 1051440 processing request [Login] - disconnecting
    From SharedServices_Security_Client.log -
    [2014-01-10T04:39:00.490-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required.
    [2014-01-10T04:39:42.547-05:00] [EPMCSS] [ERROR] [EPMCSS-07047] [oracle.EPMCSS.CSS] [tid: 150] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to get connection  from connection pool for user directory AD. Error executing query. adweilcom:389. Verify user directory configuration.
    [2014-01-10T04:39:42.547-05:00] [EPMCSS] [ERROR] [EPMCSS-09102] [oracle.EPMCSS.CSS] [tid: 150] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to initialize group cache for MSAD user directory AD. Error connecting to url. ad.weil.com:389. Verify MSAD user directory configuration.
    [2014-01-10T04:39:42.547-05:00] [EPMCSS] [ERROR] [EPMCSS-00107] [oracle.EPMCSS.CSS] [tid: 150] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.CSSManager] [SRC_METHOD: pingConfiguredProviders] Failed to refresh group cache. Some of configured user directories not initialized [AD]. Verify user directory configuration.
    [2014-01-10T04:39:42.547-05:00] [EPMCSS] [WARNING] [EPMCSS-10029] [oracle.EPMCSS.CSS] [tid: 150] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: run] Exception while building asynchronous group cache for user directory. EPMCSS-00107: Failed to refresh group cache. Some of configured user directories not initialized [AD]. Verify user directory configuration.. Verify Shared Services security user directory configuration.
    [2014-01-10T04:40:24.605-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    [2014-01-10T04:40:24.605-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    [2014-01-10T04:41:06.662-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    [2014-01-10T04:41:06.662-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    [2014-01-10T04:41:06.693-05:00] [EPMCSS] [WARNING] [EPMCSS-10033] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.facade.impl.CSSAbstractAuthenticator] [SRC_METHOD: authenticateUser] Skipping user directory {0} failed to communicate with server. {1}. No action required.
    [2014-01-10T04:41:06.693-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 149] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.facade.impl.CSSAbstractAuthenticator] [SRC_METHOD: authenticateUser] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    From console~Essbase1~EssbaseAgent~AGENT~1.log -
    [Fri Jan 10 04:40:22 2014EPMCSS-00301: Failed to authenticate user. Invalid credentials. Enter valid credentials.               
    at com.hyperion.css.facade.impl.CSSAbstractAuthenticator.authenticateUser(CSSAbstractAuthenticator.java:658)
    at com.hyperion.css.facade.impl.CSSAPIAuthenticationImpl.authenticate(CSSAPIAuthenticationImpl.java:69)               
    at com.hyperion.css.facade.impl.CSSAPIImpl.authenticate(CSSAPIImpl.java:102)               
    at com.hyperion.css.facade.impl.CSSAPIImpl.login(CSSAPIImpl.java:794)               
    at com.hyperion.css.facade.CSSAPIFacade.login(CSSAPIFacade.java:776) ]
    Local/ESSBASE0///9180/Info(1042059)

    Server times are in sync. In fact, we see no such issues on the 9.3.1 environments (which are in the same server farm as the 11.1.2.2 environments).
    We're using the same MSAD configuration we have in the 9.3.1 environments as follows -
    Directory Server: Microsoft
    Name: AD
    Host Name: ad.mycompany.com
    Port: 389
    SSL Enabled: unchecked
    Base DN: DC=ad,DC=mycompany,DC=com
    ID Attribute: objectguid (greyed)
    Maximum Size: 200
    Trusted: checked
    Anonymous Bind: unchecked
    User DN: ad\hyperion_admin
    Append Base DN: unchecked
    User RDN: blank
    Login Attribute: cn
    First name Attribute: givenName
    Last name Attribute: sn
    Email Attribute: mail
    Object Class: person,organizationalPerson,user
    Support Groups: checked
    Group RDN: OU=groups
    Name Attribute: CN
    object class: group?member
    I also tried disabling AD groups (Support Groups = unchecked), but I still see a random AD authentication failure. Below are logs based on automated retrievals using an AD account at 14:37, 17:37, 20:37 and 21:40 today. The first 2 worked fine, the 3rd failed, the fourth worked fine again. From SharedServices_Security_Client.log -
    [2014-01-11T14:37:00.574-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 42] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required.
    [2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 43] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory Native Directory. Status message. No action required.
    [2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 43] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory AD. Status message. No action required.
    [2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20008] [oracle.EPMCSS.CSS] [tid: 44] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.MSADProvider] [SRC_METHOD: createCache] Group support is disabled for MSAD user directory AD returning empty cache map. Status message. No action required.
    [2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 44] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory AD and size of group cache is 0. Status message. No action required.
    [2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 45] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory Native Directory and size of group cache is 19. Status message. No action required.
    [2014-01-11T14:37:00.917-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20331] [oracle.EPMCSS.CSS] [tid: 43] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Cache building is done for the providers, now started unifying the cache. This is a status messages. No action required.
    [2014-01-11T14:37:01.151-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20332] [oracle.EPMCSS.CSS] [tid: 43] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Unify cache done and cache object set to the cache manager. This is a status messages. No action required.
    [2014-01-11T17:37:00.752-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 46] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required.
    [2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 47] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory Native Directory. Status message. No action required.
    [2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 47] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory AD. Status message. No action required.
    [2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20008] [oracle.EPMCSS.CSS] [tid: 48] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.MSADProvider] [SRC_METHOD: createCache] Group support is disabled for MSAD user directory AD returning empty cache map. Status message. No action required.
    [2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 48] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory AD and size of group cache is 0. Status message. No action required.
    [2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 49] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory Native Directory and size of group cache is 19. Status message. No action required.
    [2014-01-11T17:37:01.174-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20331] [oracle.EPMCSS.CSS] [tid: 47] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Cache building is done for the providers, now started unifying the cache. This is a status messages. No action required.
    [2014-01-11T17:37:01.361-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20332] [oracle.EPMCSS.CSS] [tid: 47] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Unify cache done and cache object set to the cache manager. This is a status messages. No action required.
    [2014-01-11T20:37:00.634-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required.
    [2014-01-11T20:37:42.707-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    [2014-01-11T20:37:42.707-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    [2014-01-11T20:38:24.748-05:00] [EPMCSS] [ERROR] [EPMCSS-07047] [oracle.EPMCSS.CSS] [tid: 51] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to get connection  from connection pool for user directory AD. Error executing query. adweilcom:389. Verify user directory configuration.
    [2014-01-11T20:38:24.748-05:00] [EPMCSS] [ERROR] [EPMCSS-09102] [oracle.EPMCSS.CSS] [tid: 51] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to initialize group cache for MSAD user directory AD. Error connecting to url . ad.weil.com:389. Verify MSAD user directory configuration.
    [2014-01-11T20:38:24.748-05:00] [EPMCSS] [ERROR] [EPMCSS-00107] [oracle.EPMCSS.CSS] [tid: 51] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.CSSManager] [SRC_METHOD: pingConfiguredProviders] Failed to refresh group cache. Some of configured user directories not initialized [AD]. Verify user directory configuration.
    [2014-01-11T20:38:24.748-05:00] [EPMCSS] [WARNING] [EPMCSS-10029] [oracle.EPMCSS.CSS] [tid: 51] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: run] Exception while building asynchronous group cache for user directory. EPMCSS-00107: Failed to refresh group cache. Some of configured user directories not initialized [AD]. Verify user directory configuration.. Verify Shared Services security user directory configuration..
    [2014-01-11T20:39:06.806-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool] [SRC_METHOD: getBorrowObject] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    [2014-01-11T20:39:06.806-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.JNDIHelper] [SRC_METHOD: getURLContext] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    [2014-01-11T20:39:06.806-05:00] [EPMCSS] [WARNING] [EPMCSS-10033] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.facade.impl.CSSAbstractAuthenticator] [SRC_METHOD: authenticateUser] Skipping user directory {0} failed to communicate with server. {1}. No action required.
    [2014-01-11T20:39:06.806-05:00] [EPMCSS] [ERROR] [EPMCSS-00301] [oracle.EPMCSS.CSS] [tid: 50] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.facade.impl.CSSAbstractAuthenticator] [SRC_METHOD: authenticateUser] Failed to authenticate user. Invalid credentials. Enter valid credentials.
    [2014-01-11T21:40:41.799-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20330] [oracle.EPMCSS.CSS] [tid: 52] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheManager] [SRC_METHOD: getCache] Cache refresh started asynchronously. This is a status messages. No action required.
    [2014-01-11T21:40:41.986-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 53] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory Native Directory. Status message. No action required.
    [2014-01-11T21:40:41.986-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20005] [oracle.EPMCSS.CSS] [tid: 53] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Asynchronously started user directory cache building for user directory AD. Status message. No action required.
    [2014-01-11T21:40:41.986-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20008] [oracle.EPMCSS.CSS] [tid: 54] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.spi.impl.msad.MSADProvider] [SRC_METHOD: createCache] Group support is disabled for MSAD user directory AD returning empty cache map. Status message. No action required.
    [2014-01-11T21:40:41.986-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 54] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory AD and size of group cache is 0. Status message. No action required.
    [2014-01-11T21:40:42.002-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20007] [oracle.EPMCSS.CSS] [tid: 55] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.ProviderCacheThread] [SRC_METHOD: run] Group cache completed for user directory Native Directory and size of group cache is 19. Status message. No action required.
    [2014-01-11T21:40:42.002-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20331] [oracle.EPMCSS.CSS] [tid: 53] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Cache building is done for the providers, now started unifying the cache. This is a status messages. No action required.
    [2014-01-11T21:40:42.080-05:00] [EPMCSS] [NOTIFICATION:16] [EPMCSS-20332] [oracle.EPMCSS.CSS] [tid: 53] [ecid: disabled,0] [SRC_CLASS: com.hyperion.css.cache.CacheThread] [SRC_METHOD: buildCache] Unify cache done and cache object set to the cache manager. This is a status messages. No action required.
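
A triage sketch for the log excerpts in the post above, added here as an example and not part of the original thread or of any Oracle tooling: it parses ODL-format EPMCSS entries (including two entries fused on one line), groups errors into incidents, and separates EPMCSS-00301 bursts that coincide with connection-level codes from ones that stand alone. The sample lines are constructed, `ad.example.com` is a placeholder, and the 5-minute grouping window and the reading of the connection codes as "directory unreachable" are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Codes that, in the excerpts on this page, appear when the directory could not
# be reached (assumption: treated here as connectivity indicators).
CONNECTIVITY_CODES = {"EPMCSS-07047", "EPMCSS-09102", "EPMCSS-00107",
                      "EPMCSS-10029", "EPMCSS-10033"}
INVALID_CREDENTIALS = "EPMCSS-00301"

# One ODL entry: [timestamp] [EPMCSS] [LEVEL(:n)] [code] ... [SRC_METHOD: x] message
# The lookahead stops the message at the next timestamp, so entries that were
# pasted onto a single line are still split correctly.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2}T[\d:.]+[+-]\d{2}:\d{2})\]\s+\[EPMCSS\]\s+"
    r"\[(?P<level>[A-Z]+)(?::\d+)?\]\s+\[(?P<code>EPMCSS-\d+)\]"
    r".*?\[SRC_METHOD: (?P<method>\w+)\]\s*(?P<msg>.*?)"
    r"(?=\s*\[\d{4}-\d{2}-\d{2}T|\s*\Z)",
    re.S,
)


def parse_entries(text):
    """Return one dict per EPMCSS log entry found in text."""
    return [{
        "ts": datetime.fromisoformat(m["ts"]),
        "level": m["level"],
        "code": m["code"],
        "method": m["method"],
        "msg": m["msg"].strip(),
    } for m in ENTRY_RE.finditer(text)]


def classify(codes):
    """Label an incident from the set of codes seen inside it."""
    if CONNECTIVITY_CODES & set(codes):
        return "directory-unreachable"
    if set(codes) == {INVALID_CREDENTIALS}:
        return "credentials-only"
    return "other"


def group_incidents(entries, gap=timedelta(minutes=5)):
    """Merge ERROR/WARNING entries closer together than gap into incidents."""
    problems = sorted((e for e in entries if e["level"] in ("ERROR", "WARNING")),
                      key=lambda e: e["ts"])
    incidents = []
    for e in problems:
        if incidents and e["ts"] - incidents[-1]["end"] <= gap:
            inc = incidents[-1]
        else:
            inc = {"start": e["ts"], "end": e["ts"], "codes": Counter()}
            incidents.append(inc)
        inc["end"] = e["ts"]
        inc["codes"][e["code"]] += 1
    for inc in incidents:
        inc["verdict"] = classify(inc["codes"])
    return incidents


def _line(ts, level, code, cls, method, msg):
    # Builds a constructed entry in the same field layout as the post's logs.
    return (f"[{ts}] [EPMCSS] [{level}] [{code}] [oracle.EPMCSS.CSS] [tid: 50] "
            f"[ecid: disabled,0] [SRC_CLASS: {cls}] [SRC_METHOD: {method}] {msg}")


POOL = "com.hyperion.css.spi.util.jndi.pool.JNDIConnectionPool"
AUTH = "com.hyperion.css.facade.impl.CSSAbstractAuthenticator"
BAD = "Failed to authenticate user. Invalid credentials. Enter valid credentials."

# Constructed sample: the first two entries are deliberately fused on one line.
SAMPLE_LOG = "\n".join([
    _line("2014-01-11T17:37:00.752-05:00", "NOTIFICATION:16", "EPMCSS-20330",
          "com.hyperion.css.cache.CacheManager", "getCache",
          "Cache refresh started asynchronously.") + " " +
    _line("2014-01-11T20:37:42.707-05:00", "ERROR", "EPMCSS-00301",
          POOL, "getBorrowObject", BAD),
    _line("2014-01-11T20:38:24.748-05:00", "ERROR", "EPMCSS-07047",
          POOL, "getBorrowObject",
          "Failed to get connection from connection pool for user directory AD. "
          "Error executing query. ad.example.com:389."),
    _line("2014-01-11T20:39:06.806-05:00", "WARNING", "EPMCSS-10033",
          AUTH, "authenticateUser",
          "Skipping user directory {0} failed to communicate with server. {1}."),
    _line("2014-01-11T20:39:06.806-05:00", "ERROR", "EPMCSS-00301",
          AUTH, "authenticateUser", BAD),
    _line("2014-01-12T09:15:10.120-05:00", "ERROR", "EPMCSS-00301",
          AUTH, "authenticateUser", BAD),
])

if __name__ == "__main__":
    for inc in group_incidents(parse_entries(SAMPLE_LOG)):
        print(inc["start"].isoformat(), inc["verdict"], dict(inc["codes"]))
```
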

  • Hyperion Shared Services issue

    Hi All,
    We use Hyperion Planning 9.3.0.1. The servers were restarted yesterday and the services were started manually in the correct sequence. But I am having issues with MSAD users not being able to log on.
    When I looked at the Shared Services I tried searching for user/groups in the MSAD directory but it says communication error. I understand that it could be a change in the MSAD configuration that might have broken the link, however when I look at the log file I find the following entries:
    2009-04-27 14:25:28,141 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:19000/workspace: Refer log in debug mode for details
    2009-04-27 14:25:49,032 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:10080/eas: Refer log in debug mode for details
    2009-04-27 14:25:53,188 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:19000/HyperionPlanning/: Refer log in debug mode for details
    2009-04-27 14:25:57,344 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:19000/workspace: Refer log in debug mode for details
    2009-04-27 14:26:19,109 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:10080/eas: Refer log in debug mode for details
    2009-04-27 14:26:23,594 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:19000/HyperionPlanning/: Refer log in debug mode for details
    2009-04-27 14:26:28,313 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:19000/workspace: Refer log in debug mode for details
    2009-04-27 14:26:49,203 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:10080/eas: Refer log in debug mode for details
    2009-04-27 14:26:53,453 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:19000/HyperionPlanning/: Refer log in debug mode for details
    2009-04-27 14:26:57,937 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:19000/workspace: Refer log in debug mode for details
    2009-04-27 14:27:10,687 [Timer-0] ERROR com.hyperion.cas.web.util.memory.CASUsedMemoryTracker.run(CASUsedMemoryTracker.java:27) - Memory in use[12880 kb] = Total memory available[793837 kb] - Free memory available[780957 kb]
    2009-04-27 14:27:18,937 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:10080/eas: Refer log in debug mode for details
    2009-04-27 14:27:22,984 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:19000/HyperionPlanning/: Refer log in debug mode for details
    2009-04-27 14:27:27,140 [Timer-1] ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run(CASInActiveContextPingerTask.java:52) - IOException occured while pinging app with registered context path: http://servername:19000/workspace: Refer log in debug mode for details
    Recently there was an exercise done to change the Java heap size settings. I am wondering if it is related to that.
    Thanks in advance,
    Amol
    Edited by: AmolDatt on Apr 27, 2009 7:05 PM

    Hi,
    Those error messages usually happen when Shared Services has just started up and the other services have not started yet. It sends out a ping to see if it gets a response from the other application servers; the pings will fail until the other services have started, and once they have started the messages should disappear.
    I would check whether any changes have happened to your MSAD or the account that Shared Services uses.
    Cheers
    John
    http://john-goodwin.blogspot.com/
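
A way to check the reply's point against a log, as an added example that is not part of the original thread: group the ping failures by context path and see whether they stop. The sample lines are constructed in the format of the excerpt above, and the five-minute grace window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format of the log excerpt in the post above.
_PING = ("ERROR com.hyperion.cas.server.task.CASInActiveContextPingerTask.run"
         "(CASInActiveContextPingerTask.java:52) - IOException occured while "
         "pinging app with registered context path: {}: Refer log in debug mode for details")
SAMPLE = "\n".join([
    "2009-04-27 14:25:49,100 [Timer-1] " + _PING.format("http://servername:10080/eas"),
    "2009-04-27 14:25:57,344 [Timer-1] " + _PING.format("http://servername:19000/workspace"),
    "2009-04-27 14:26:19,109 [Timer-1] " + _PING.format("http://servername:10080/eas"),
    "2009-04-27 14:26:28,313 [Timer-1] " + _PING.format("http://servername:19000/workspace"),
    "2009-04-27 14:27:10,687 [Timer-0] ERROR com.hyperion.cas.web.util.memory."
    "CASUsedMemoryTracker.run(CASUsedMemoryTracker.java:27) - Memory in use[12880 kb]",
    "2009-04-27 14:33:18,937 [Timer-1] " + _PING.format("http://servername:10080/eas"),
])

PING_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d{3} \[[^\]]+\] ERROR "
    r"\S*CASInActiveContextPingerTask\S* - IOException occured while pinging app "
    r"with registered context path: (\S+): Refer")

def ping_failures(log_text, grace=timedelta(minutes=5)):
    """Summarise ping failures per context path.

    A path whose failures span more than `grace` (an assumed threshold) is
    marked persistent: the target service probably never came up, which is
    different from the start-up noise the reply describes."""
    seen = {}
    for line in log_text.splitlines():
        m = PING_RE.match(line.strip())
        if not m:
            continue                      # other log entries are ignored
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        first, last, count = seen.get(m.group(2), (ts, ts, 0))
        seen[m.group(2)] = (min(first, ts), max(last, ts), count + 1)
    return {path: {"count": c,
                   "span_s": int((last - first).total_seconds()),
                   "persistent": (last - first) > grace}
            for path, (first, last, c) in seen.items()}

if __name__ == "__main__":
    for path, info in ping_failures(SAMPLE).items():
        print(path, info)
```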

  • Shared Services Users Disappear from Groups

    We have Native Groups in Shared Services that we added users from our MSAD directory to. Yesterday we found that the groups no longer have these users in them and IT did say they did some moves in the directory over the weekend. But I'm wondering if that would really cause SS to drop all the users from the groups like this.
    Basically, no one is able to log in although we are testing adding users back to the groups and think that's working.
    I just don't want to have to re-create our groups anytime our MSAD is updated.
    I'd appreciate any help in understanding this better,
    Paul

    Our MSAD administrators moved some OU's around one day and it caused a lot of problems for us since our Shared Services MSAD configuration setting for "User DN" had all the OU's hard coded or what have you. I had to change them to the same that the AD folks had changed them to, then restart everything.
    So on the native side I can see how if they moved OU's around that could throw off what you had done. There's a utility which I've been too scared to use (probably harmless but I can't afford any mishaps) which tells Shared Services to search for MSAD changes and to force them through Shared Services, which is probably a nice thing to do once in a while especially when MSAD OU's are moved around. SS does not automatically poll for that type of change but you should be able to automate this.
    There's an updatenativedir utility that you can read up on which might help. Don't forget to do backups first of all the security-related databases & files, etc. first.
    Perhaps someone reading this is comfortable running UPDATENATIVEDIR and can help provide better guidance, if that's the issue here.
    Karen

  • Authentication from two LDAP in webcenter spaces

    My customer needs to open authentication in WebCenter Spaces for all his employees and for his partners, which are saved in two different LDAP directories.
    How can I allow authentication from these two LDAP directories?
    Regards.
    CMN

    In the WebLogic Console,
    go to Security Realm - myrealm - Providers and select New.
    Type your new Realm name, for example MSAD, select type ActiveDirectoryAuthenticator and click OK.
    In the myrealm providers you'll see your new provider; click Reorder and put the new provider in first position. Do not restart the server yet.
    Select your new provider; in the Common tab set Control Flag to SUFFICIENT.
    Go to the Provider Specific tab; this is the configuration tab. Enter your MSAD configuration.
    The Principal field is the user that binds to your MSAD to search your MSAD users.
    User Base DN is the base that contains the users.
    User From Name Filter: (&(sAMAccountName=%u)(objectclass=user))
    User Name Attribute: sAMAccountName.
    Apply all configurations, go to the myrealm providers, select DefaultAuthenticator and change Control Flag to SUFFICIENT.
    Restart your Admin and all your managed servers.
    Hope that helps you.
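
What the two SUFFICIENT flags in the steps above achieve, as an added example that is not part of the original reply: a small model of the standard JAAS control-flag rules applied to an ordered provider list. Provider names follow the reply; the accounts, passwords and the "before" state (default provider REQUIRED, new provider OPTIONAL) are assumptions.

```python
# Model of JAAS control-flag evaluation over an ordered provider list.
# Provider names follow the reply; every account below is constructed.

def evaluate(providers, user, password):
    """providers: ordered (name, flag, {user: password}) tuples.
    Returns (authenticated, names of the providers consulted)."""
    required_ok = True     # no REQUIRED/REQUISITE provider has failed yet
    saw_required = False   # a REQUIRED/REQUISITE provider is configured
    any_success = False
    consulted = []
    for name, flag, store in providers:
        consulted.append(name)
        ok = user in store and store[user] == password
        any_success = any_success or ok
        if flag in ("REQUIRED", "REQUISITE"):
            saw_required = True
            if not ok:
                required_ok = False
                if flag == "REQUISITE":
                    break                 # a REQUISITE failure ends the chain
        elif flag == "SUFFICIENT" and ok and required_ok:
            return True, consulted        # a SUFFICIENT success ends the chain
    if not required_ok:
        return False, consulted
    # Without any REQUIRED/REQUISITE provider, one success is needed.
    return (saw_required or any_success), consulted

AD = {"jsmith": "ad-pass"}                       # constructed AD account
EMBEDDED = {"weblogic": "admin-pass",            # constructed admin account
            "jsmith": "stale-pass"}              # same name in the second store

# Assumed starting point: default provider first and REQUIRED, new one OPTIONAL.
BEFORE = [("DefaultAuthenticator", "REQUIRED", EMBEDDED),
          ("MSAD", "OPTIONAL", AD)]
# After the steps in the reply: MSAD first, both SUFFICIENT.
AFTER = [("MSAD", "SUFFICIENT", AD),
         ("DefaultAuthenticator", "SUFFICIENT", EMBEDDED)]

def report():
    """One row per (chain, credential): label, user, password, result, consulted."""
    rows = []
    for label, chain in (("before", BEFORE), ("after", AFTER)):
        for user, pw in (("jsmith", "ad-pass"), ("weblogic", "admin-pass"),
                         ("jsmith", "stale-pass"), ("jsmith", "wrong")):
            rows.append((label, user, pw) + evaluate(chain, user, pw))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

The "after" row that succeeds with `stale-pass` is the one to audit: once every provider is SUFFICIENT, a same-named account in any configured store is enough to log in, so duplicate user names across the directories need to be cleaned up.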

  • Change in the shared services settings

    Hi,
    Recently the host name changed and I had to reconfigure the MSAD configuration. I restarted the Shared services and then restarted planning. I subsequently ran the userprovision.cmd to synchronise the users with Planning.
    But the users still can't seem to be able to logon using their ids.
    Do I need to restart all the services again?
    Regards,
    Amol

    Hi,
    Did you run the provisionusers.cmd or updateusers.cmd?
    It will be the updateusers.cmd that should update the users in planning to be in line with shared services.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Restarting Essbase OK without restarting other services

    I'm on Hyperion Planning S 9.3.1 and I need to stop and start my essbase service and wondered if that can be done without restarting all the other related services. I have the restart order list for when I restart the Workspace/Rpts/WA/Planning/HSS services but am wondering where Essbase fits in this list.

    Thanks for both replies! Things had gotten frozen up earlier today and I was hoping a quick essbase restart would have cleared it up. Before I got to that pretty much had to restart all my services to get things going again.
    Over the last couple months, when our network gets over utilized it seems to be freezing up our environment. Weird thing is we have five MSAD sources (about 500 users). We have users from TN to MI to AK using our central servers.
    When our network gets over utilized between two locations in MI (our HQ and a plant across the state) I go into HSS and pull properties for users and it nearly hangs or is real slow. Then this seems to ultimately affect my logging into EAS, the Excel Add-In and eventually the Workspace with an ID from either of those sites.
    I can click the 'test' in HSS for each of those MSAD configurations and get successful tests but it's slow. Our TN connectivity and performance doesn't seem to be bothered during these events either, which is weird. But since I'm hosed with two sets of our user base I have to restart, which affects everyone.
    I'm not sure where to dig into this further to identify the root cause of how this is happening or how HSS to Essbase. We've been on 9.3.1 for almost 2 years now and periodically have had to restart services but it's becoming more common and our IT had basically said our network is always going to be over utilized at times (which I understand) but I don't want to have to restart everything every time that happens. Any tips or areas/settings I might look at to make the environment more resistant to network instability?

  • Shared Services: Multi-domain MSAD based configuration issue

    Hello to All,
    Can someone tell me how to configure MSAD to use two domains X and Y under one user directory D?
    My actual configuration is based on the domain X and provides some MSAD user groups in the D user directory.
    But I need to provision another user that belongs to another AD in a foreign domain Y.
    A trusted relationship (approbation relationship) has been created between the two domains X and Y.
    Is this kind of multi-domain configuration allowed in Shared Services?
    If yes, how can I configure this?
    OS: Solaris
    Hyperion Shared Services 9.3.1
    Thanks in advance for your help

    There are a couple of ways:
    1) Add a new provider in Shared Services
    2) Modify your current provider to go to a higher level in your domain which will likely require different parameters on your existing Active Directory provider
    Option 2 is preferable if you see this will cascade and other domains will be needed and they are all under a global company domain.
    Regards,
    John A. Booth
    http://www.metavero.com

  • ALBPM Directory Service: Hybrid Configuration - MSAD Problems

    I've successfully configured the Directory Service of an ALBPM (Enterprise Standalone) v6.0.4 #94069 installation to use a MS Active Directory (MSAD) service for ALBPM organization information. I can view participant, group and organizational unit information using the Process Administrator. However, I've noted:
    - The MSAD is swamped with (successful) authentication requests from the ALBPM directory service and I have had to stop the ALBPM 6.0 server to prevent disruption to our MSAD service.
    - Repeated warning messages in the ALBPM log about MSAD Contacts, listed in MSAD Groups, that cannot be found as ALBPM Participants. These messages do not appear for MSAD Users who are correctly shown as ALBPM Participants.
    - Repeated warning messages in the ALBPM log about MSAD Groups that cannot be found as ALBPM Groups where the MSAD Group definition is such that the MSAD sAMAccountName value for the group is different to the MSAD name or cn value.
    Is anyone else using MSAD in their ALBPM directory service configuration? Have you seen similar issues? I've tried reporting this via Oracle Support, however, my impression is that other users do not have such problems using MSAD with ALBPM or Oracle BPM.
    Thanks,
    Rob

    Hi Rob,
    Have a read of this http://download.oracle.com/docs/cd/E13154_01/bpm/docs65/admin_guide/index.html if you are using groups.
    I'm using Novell eDirectory instead of AD but am also seeing a large number of requests from BPM. However, I've not had time yet to investigate to what these relate.
    Thanks,
    Mike,
