SSL Enabling Shared Services and Active Directory

The SSL config guide suggests that a valid certificate (CA) must be issued for User directories (MSAD/LDAP), Web and application servers. Is it essential to obtain a CA for MSAD as well? Can we do without MSAD cert? We have the certs for our Web and App layers ready. We are not sure if the IT department has SSL configured MSAD. If MSAD/LDAP is not SSL configured - can we still go about SSL-Enabling Hyperion? Thanks.
-- Srini

If your MSAD is set for SSL, you can import their certificates through your Java Application Server. Since you are unsure, I would set up MSAD and if you are able to browse for users on the AD domain in Shared Services, you are good to go.
I must say that SSL is a big pain from my point of view. Unless you are required to encrypt because of the data you have stored, I would pass it up. The certificates often expire on a yearly basis and there are many different certificates to keep track of. Multiply that by Development, Prod, BCP or Recovery server, and you're looking at lots of maintenance.
The big pain comes when the signer certificate for your server expires because after the next reboot or restart of your JVMs, Shared Services starts up but none of the other applications can talk to it which means your whole application is down until you get that certificate fixed. My organization is fairly strict on their controls, so that means that I either make a federal case out of my system being down or I get to wait three days for a change request. Big pain in the rear.

Similar Messages

  • Error While Configuring the Shared Service with Active Directory

    Hi All,
    I am getting an error while configuring MSAD with Shared Service. When entering the User Id and password and clicking next, the following error is displayed:
    "EPMCSS-05180:Failed to validate Security configuration. Failed to connect. Invalid values for Base DN, User DN or Password. Enter valid value(s). Root Cause : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]"
    The AD user has read access to all users and groups in Active Directory. If I use an Active Directory user with Admin privilege, it gets connected.
    But the client is not ready to provide Admin access due to their internal policy, and I also don't have any document which says admin privilege is required. According to the document, the user should have the following privileges only.
    "The distinguished name of the user that Shared Services should use to bind with the user directory. This user must have search privilege on the RDN attribute within the DN. For example, in the dn: cn=John Doe, ou=people, dc=myCompany, dc=com, the bind user should have search access to the cn attribute. Special characters in User DN must be specified using escape characters. See “Using Special Characters” on page 46 for restrictions.
    Example: cn=admin,dc=myCompany,dc=com"
    But I am getting confused by the statement "This user must have search privilege on the RDN attribute within the DN". Is it not search privilege?
    Can anybody help me with the required privilege for the Active Directory user to configure with Shared Service?
    Thanks in Advance,
    Sunil

    Thank you All,
    I tried connecting using AD Browser from Microsoft, and it went in properly. Then I found out that the AD Team here were giving wrong credentials to connect; they gave me HYP_OID, which in fact turned out to be a Principal name instead of a 'cn'.
    After searching in the AD Browser I found the correct cn, which is "Hyperion OID"; then it went to the second screen, where I am now trying to search for the users based on their job nature.
    Thank you for all the support, guys; you both, "Celvin" and "John", are the top guys on my search list for any technical assistance.
    Thank you once again Friends....
    Regards,
    Sunil...
    Shantan....

  • How to enable Kerberos - Shared Services and Workspace

    Hi All
    I'm trying to enable Kerberos SPNEGO with WebSphere 6.1.0.31. I've protected the URLs... and I can see the handshake happening in the trace logs...
    Shared Services SSO is working fine if I use the option of Get Remote user info from http header...
    But workspace doesn't seem to accept any of the options given: $REMOTE_USER$, $HTTP_USER$.
    Can someone please let me know how to do this? Or is there a way to change the header information?

  • Shared Services and Planning Synchronization

    Ok, this is probably useful for a lot of people, but can anyone articulately explain the relationship between MSAD (or whatever the source security system is), Shared Services, and Planning? There are like 5 utilities and/or Web Client buttons that claim to sync different parts to each other.
    MSAD is the source system. It is "plugged into" Shared Services. (Are these always in sync, is there some utility to run to sync them?)
    Then there is this Shared Services "Native Directory" what is this? There is a "Sync Native Directory" button in Shared Services, what does this sync?
    Assuming that SS is synced with MSAD, we then turn to Planning. In Planning, there are "Migrate Identities" and "Remove Non-Provisioned Users/Groups" buttons. What do these buttons sync, and is Migrate Identities the same as the ProvisionUsers.cmd utility?
    I want to know the best way to keep all this in sync, MSAD to SS and SS to Planning. Is any of this automatic, and if I need to run manual utilities, which ones do I need to run and which "buttons" do I need to push.
    thanks
    -Patrick

    Hi,
    Ok here goes, I am not really sure which version you are on because there was a bit of a change between 9.2 and 9.3 with regards to MSAD (uses the ObjectGUID instead of SamAccountName).
    Sync Native Directory - Shared Services contains all the product registration details, OpenLDAP (Native Directory) stores all the provisioning. Sometimes it is possible they could go out of sync, which is pretty rare, so the sync native directory makes sure Shared Services and OpenLDAP are in sync.
    Migrate Identities - I think this is more along the lines of the updateusers.cmd utility, where if a user has changed in the directory (this was more of an issue when SamAccountName was used as users group change OUs in the Active Directory) it will update the planning table with the new details.
    Remove Non-Provisioned Users/Groups - I am sure this doesn't actually work and has been removed in later versions; it is meant to clear up users/groups in the planning tables where they don't exist in Shared Services anymore.
    It depends what you mean by is MSAD always in sync with Shared Services. If you are using 9.3 and configured to use the ObjectGUID then it is pretty much in sync, as the id is not likely to change; if you are using SamAccountName and a user moves place in the organisational structure then it can go out of sync. There is another utility for that :) (update native directory utility)
    If you run the provision users utility after you have provisioned a user in shared services it will add the user to the planning tables and also push the user to essbase.
    All depends what you are finding is it a problem to what utility to you want to use.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Shared services and workspace architecture(How we can find out req &respon)

    Good morning Hyperion folks,
    Does anybody have any document or PDF about workspace and shared service architecture... How do these two components communicate with each other.. any idea or any document.. while communicating, if anything goes wrong, where do we need to check, what exactly is the problem (any suggestible logs)...
    Companies are making a big mistake by using this hyperion tool.. These guys are not supporting it and even they don't know much about the tool apart from the Product dev team.. and they are not disclosing any documents related to the product...
    **Has anybody found any kind of performance tuning guide or lab guide about workspace and shared service, HFM, Planning...** I have never seen component-wise documents and tuning guides and recommendations.
    My strong opinion about hyperion is, we would not get any support from oracle and documents so He can migrate Cognos TM1 and Finance management etc........
    Edited by: 888154 on 29/09/2011 02:55

    Thanks John for your reply.. I have seen these documents long ago.. I am asking about Shared Services and workspace architecture and how these are functioning and where we can find out communication errors and the slow login issue with workspace and shared services.. How is authentication done at log on.. is there any mechanism they are using for authentication... We are using OpenLDAP...
    Ex: 1. Suppose I log on to workspace; that request goes to the shared services directory and it will check whether that user exists or not in the Shared Services tables... here what kind of algorithm is used to authenticate the user... How can we diagnose this process taking too much time... are there any specific logs related to this (if logs exist, how can we find them)...
    2. Once authentication is done successfully and the response is sent to workspace and populates the workspace home page... then I click on the application button (FM application) and it's taking too much time to load the HFM page. For this, where do we need to look to see what exactly the problem is? Which log files are helpful to us to diagnose..

  • Issue bringing up Shared Services and Planning

    Hi guys,
    We have added 3 new MSAD to our Shared Services for user authentication, previously we already had 2 setup and working fine.
    Now that we added the 3 new ones, we restarted Planning and Shared services and now it doesn't come back up.
    We see the following error message on the logs:
    2009-11-27 17:05:09,702 [Thread-23] WARN com.hyperion.css.spi.impl.msad.MSADCacheUpdater.updateUserCache(Unknown Source) - Ignoring User. Error getting User for User Cache:[LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
         'DC=IL,DC=x,DC=Corp'
    2009-11-27 17:05:09,811 [Thread-23] WARN com.hyperion.css.spi.impl.msad.MSADCacheUpdater.updateUserCache(Unknown Source) - Ignoring User. Error getting User for User Cache:[LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
         'DC=IL,DC=xx,DC=Corp'
    2009-11-27 17:05:09,936 [Thread-23] WARN com.hyperion.css.spi.impl.msad.MSADCacheUpdater.updateUserCache(Unknown Source) - Ignoring User. Error getting User for User Cache:[LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
         'DC=IL,DC=xx,DC=Corp'
    These "xx" we are just using because of the company name but it has the right name
    That's the security log for Shared Services.
    Do you have an idea of what I can do either to bring it up with the new MSAD or delete the newly created and bring it back up?
    Thanks in advance

    Usually your MSAD admins will have a master domain setup that has access to all geographic specific domains. You would have a user setup in this higher level domain.
    Let's say you have the following setup:
    na.ad.co.com
    sa.ad.co.com
    eme.ad.co.com
    jp.ad.co.com
    cn.ad.co.com
    You would just need one domain setup at ad.co.com with a user who has read access to that directory. The way Shared Services security is setup you may need to re-provision some users with that new global provider and I highly recommend using a group filter -- your group filter can be in any of the domains just all users would need to be added to it in that domain.
    Regards,
    John A. Booth
    http://www.metavero.com
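
An added example, not part of any post above and not Oracle's or Microsoft's code: a Python triage helper for the two Active Directory LDAP errors quoted in these threads (result code 49 with `data 52e` in the EPMCSS-05180 message, and result code 32 `NO_OBJECT` in the MSADCacheUpdater warnings). The function names are this example's own, the sub-code table lists the standard AD bind sub-codes, and the sample inputs are the messages quoted in the posts.

```python
"""Triage Active Directory LDAP errors found in Shared Services (CSS) messages."""
import re
from collections import Counter

# On LDAP result code 49, AD reports the Win32 logon error (in hex) in the
# "data" field of the diagnostic message.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong bind DN or password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

LDAP_ERR = re.compile(r"LDAP: error code (?P<code>\d+) - (?P<detail>.*)", re.S)
DATA = re.compile(r"\bdata\s+(?P<data>[0-9a-fA-F]+)\b")
BEST_MATCH = re.compile(r"best match of:\s*'(?P<dn>[^']*)'")
# A log record starts with a timestamp; the matched DN sits on the next line.
RECORD_START = re.compile(r"(?m)^(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} )")


def diagnose(record):
    """Return code, AD sub-code, matched DN and a finding, or None if no LDAP error."""
    m = LDAP_ERR.search(record)
    if not m:
        return None
    code, detail = int(m.group("code")), m.group("detail")
    result = {"code": code, "subcode": None, "matched_dn": None}
    if code == 49:
        d = DATA.search(detail)
        sub = d.group("data").lower() if d else None
        result["subcode"] = sub
        result["finding"] = "bind rejected: " + AD_BIND_SUBCODES.get(
            sub, "unrecognised sub-code")
    elif code == 32:
        b = BEST_MATCH.search(detail)
        result["matched_dn"] = b.group("dn") if b else None
        result["finding"] = ("no such object: a configured DN does not exist; "
                             "the directory resolved it only as far as the matched DN")
    else:
        result["finding"] = "LDAP result code %d" % code
    return result


def triage(log_text):
    """Count LDAP errors in a multi-line log, keyed by (code, sub-code or matched DN)."""
    counts = Counter()
    for record in RECORD_START.split(log_text):
        d = diagnose(record)
        if d:
            counts[(d["code"], d["subcode"] or d["matched_dn"])] += 1
    return counts


# Sample inputs: the messages quoted in the posts above.
BIND_ERROR = (
    "EPMCSS-05180:Failed to validate Security configuration. Failed to connect. "
    "Invalid values for Base DN, User DN or Password. Enter valid value(s). "
    "Root Cause : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, "
    "comment: AcceptSecurityContext error, data 52e, v1db1]"
)
WARN_PREFIX = (
    " [Thread-23] WARN com.hyperion.css.spi.impl.msad.MSADCacheUpdater."
    "updateUserCache(Unknown Source) - Ignoring User. Error getting User for "
    "User Cache:[LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, "
    "problem 2001 (NO_OBJECT), data 0, best match of:\n     "
)
CACHE_LOG = "".join(
    ts + WARN_PREFIX + "'" + dn + "'\n"
    for ts, dn in [
        ("2009-11-27 17:05:09,702", "DC=IL,DC=x,DC=Corp"),
        ("2009-11-27 17:05:09,811", "DC=IL,DC=xx,DC=Corp"),
        ("2009-11-27 17:05:09,936", "DC=IL,DC=xx,DC=Corp"),
    ]
)

if __name__ == "__main__":
    print(diagnose(BIND_ERROR)["finding"])
    for key, n in triage(CACHE_LOG).items():
        print(n, key)
```

A `52e` sub-code points at the bind DN or password rather than at missing directory privileges, and the `best match of` DN shows how far the configured DN resolved before the lookup failed.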

  • Shared Services and LDAP

    This is a complete newbie question so pardon me if I sound ignorant: my understanding is that you provision users in Planning (11.1.13 or Fusion) through Shared Services. So if you're installing and configuring planning from scratch, you have to get users into Shared Services. However, there is also a concept called native directory or OpenLDAP which is involved somewhere. How do I push users into sharedservices/planning application and where does OpenLDAP come into this? thanks.

    You provision the users in shared services, there is also an Openldap database which stores user information in its database, so when you can create and provision a user some of the information is stored in Shared Services and some in Openldap (Openldap has finally been removed in 11.1.2 which is a positive move in my opinion)
    Once you have provisioned a user for planning and then either refresh planning, run one of the utilities or run a refresh the user information is passed into the planning tables. Also when a user logs into planning it queries shared services to see if they exist and their password is correct.
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • I am new How to make internet enable group in my active directory 2003 ?

    I am new How to make internet enable group in my active directory 2003 ?
    Thanks & Regards, Amol . Amol Dhaygude

    Greetings!
    What is Internet Enabled Group? Would you please clarify this?
    Mahdi Tehrani | www.mahditehrani.ir

  • Difference between Windows NT domain registry and Active Directory registry

    What are the difference(s) ?

    Frank, thanks for your response :)
    I want WebSphere Application Server to take advantage of a directory service. There are multiple options available for a directory service. 
    In my configuration the requirement is to make WebSphere Application server to use Microsoft's Active Directory. 
    While I was going through (WebSphere) documentation, I see following note.
    "With Windows NT domain registry support for Windows 2000 and 2003 domain controllers, WebSphere Application Server only supports Global groups that are the Security type. It is recommended that you use the Active Directory registry support rather than a Windows NT domain registry if you use Windows 2000 and 2003 domain controllers because the Active Directory supports all group scopes and types. The Active Directory also supports a nested group that is not support by Windows NT domain registry. The Active Directory is a centralized control registry."
    You can find the above note in this link (somewhere after 7th line)
    http://www-01.ibm.com/support/knowledgecenter/SSAW57_7.0.0/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/csec_localos.html?cp=SSAW57_7.0.0%2F3-11-5-1-0-0
    Does it mean that they are recommending to use Active Directory over Windows NT (which is an older approach) with Windows Server 2000 or Windows Server 2003 because Active Directory is advanced?
    I was under the impression that Active Directory was started with Microsoft Windows Server 2003 and Windows NT registry was used till Windows 2000 Server.
    After going through above links, Windows NT registry is an old method. However, it is compatible with Windows Server 2000 and Windows Server 2003 but it is recommended to use Active Directory with Windows Server 2003 as it is more advanced. And the same is recommended in WebSphere documentation (I am aware that support for Windows Server 2000 is over and only extended support is available for Windows Server 2003 however this is to clear doubt). Is my understanding correct? And does Windows Server 2000 also support both, i.e. we can use either Windows NT registry or Active Directory and similarly, either of them (Windows NT or Active Directory) could be used with Windows Server 2003?
    And if I got it correct, Is Windows NT and Active Directory, both directory service offering from Microsoft? While NT being an old method and Active Directory being a new/advanced approach ?

  • Step by step process to create domain name and active directory in windows 7 64 bit

    Step by step process to create domain and active directory in windows 7 64 bit
    I work in an organization
    I want to create a domain name SBBYDP and make it server for other computers
    I want that, all users’ have a personal account while they use any computer from this organization, even they use any computer from this network they use their own account to login to network.
    And this may be in Active directory option.
    I installed windows 7 professional edition 64 bit
    Can any person help me? Step by step process, I always thanks full all of you

    Hi,
    You must use the Windows Server platform system for the AD service, you can refer the following KB first:
    Active Directory
    http://technet.microsoft.com/en-us/library/bb742424.aspx
    AD DS Deployment Guide
    http://technet.microsoft.com/zh-cn/library/cc753963(v=ws.10).aspx
    Hope this helps.

  • Looking for successful auth debug between cisco 1113 acs 4.2 and Active Directory

    Hello,
    Does anyone have a successful authentication debug using cisco 1113 acs 4.2 and Active Directory?  I'm not having success in setting this up and would like to see what a successful authentication debug looks.  Below is my current situation:
    Oct  6 13:52:23: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:23: TPLUS: processing authentication start request id 444
    Oct  6 13:52:23: TPLUS: Authentication start packet created for 444()
    Oct  6 13:52:23: TPLUS: Using server 110.34.5.143
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: socket event 2
    Oct  6 13:52:23: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Oct  6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 26 (0x1A)
    Oct  6 13:52:23: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
    Oct  6 13:52:23: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
    Oct  6 13:52:23: T+: user: 
    Oct  6 13:52:23: T+: port:  tty515
    Oct  6 13:52:23: T+: rem_addr:  10.10.10.10
    Oct  6 13:52:23: T+: data: 
    Oct  6 13:52:23: T+: End Packet
    Oct  6 13:52:23: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: Would block while reading
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:23: TPLUS(000001BC)/0/READ: read entire 28 bytes response
    Oct  6 13:52:23: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Oct  6 13:52:23: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:23: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:10, data_len:0
    Oct  6 13:52:23: T+: msg:  Username:
    Oct  6 13:52:23: T+: data: 
    Oct  6 13:52:23: T+: End Packet
    Oct  6 13:52:23: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:23: TPLUS: Received authen response status GET_USER (7)
    Oct  6 13:52:30: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:30: TPLUS: processing authentication continue request id 444
    Oct  6 13:52:30: TPLUS: Authentication continue packet generated for 444
    Oct  6 13:52:30: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
    Oct  6 13:52:30: T+: Version 192 (0xC0), type 1, seq 3, encryption 1
    Oct  6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 15 (0xF)
    Oct  6 13:52:30: T+: AUTHEN/CONT msg_len:10 (0xA), data_len:0 (0x0) flags:0x0
    Oct  6 13:52:30: T+: User msg: <elided>
    Oct  6 13:52:30: T+: User data: 
    Oct  6 13:52:30: T+: End Packet
    Oct  6 13:52:30: TPLUS(000001BC)/0/WRITE: wrote entire 27 bytes request
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 16bytes data)
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:30: TPLUS(000001BC)/0/READ: read entire 28 bytes response
    Oct  6 13:52:30: T+: Version 192 (0xC0), type 1, seq 4, encryption 1
    Oct  6 13:52:30: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:30: T+: AUTHEN/REPLY status:5 flags:0x1 msg_len:10, data_len:0
    Oct  6 13:52:30: T+: msg:  Password:
    Oct  6 13:52:30: T+: data: 
    Oct  6 13:52:30: T+: End Packet
    Oct  6 13:52:30: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:30: TPLUS: Received authen response status GET_PASSWORD (8)
    Oct  6 13:52:37: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:37: TPLUS: processing authentication continue request id 444
    Oct  6 13:52:37: TPLUS: Authentication continue packet generated for 444
    Oct  6 13:52:37: TPLUS(000001BC)/0/WRITE/46130160: Started 5 sec timeout
    Oct  6 13:52:37: T+: Version 192 (0xC0), type 1, seq 5, encryption 1
    Oct  6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 16 (0x10)
    Oct  6 13:52:37: T+: AUTHEN/CONT msg_len:11 (0xB), data_len:0 (0x0) flags:0x0
    Oct  6 13:52:37: T+: User msg: <elided>
    Oct  6 13:52:37: T+: User data: 
    Oct  6 13:52:37: T+: End Packet
    Oct  6 13:52:37: TPLUS(000001BC)/0/WRITE: wrote entire 28 bytes request
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 33bytes data)
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:37: TPLUS(000001BC)/0/READ: read entire 45 bytes response
    Oct  6 13:52:37: T+: Version 192 (0xC0), type 1, seq 6, encryption 1
    Oct  6 13:52:37: T+: session_id 763084134 (0x2D7BBD66), dlen 33 (0x21)
    Oct  6 13:52:37: T+: AUTHEN/REPLY status:7 flags:0x0 msg_len:27, data_len:0
    Oct  6 13:52:37: T+: msg:  Error during authentication
    Oct  6 13:52:37: T+: data: 
    Oct  6 13:52:37: T+: End Packet
    Oct  6 13:52:37: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:37: TPLUS: Received Authen status error
    Oct  6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: timed out
    Oct  6 13:52:37: TPLUS(000001BC)/0/REQ_WAIT/46130160: No sock_ctx found while handling request timeout
    Oct  6 13:52:37: TPLUS: Choosing next server 101.34.5.143
    Oct  6 13:52:37: TPLUS(000001BC)/1/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:37: TPLUS(000001BC)/46130160: releasing old socket 0
    Oct  6 13:52:37: TPLUS(000001BC)/1/46130160: Processing the reply packet
    Oct  6 13:52:49: TPLUS: Queuing AAA Authentication request 444 for processing
    Oct  6 13:52:49: TPLUS: processing authentication start request id 444
    Oct  6 13:52:49: TPLUS: Authentication start packet created for 444()
    Oct  6 13:52:49: TPLUS: Using server 172.24.5.143
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT/46130160: Started 5 sec timeout
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: socket event 2
    Oct  6 13:52:49: T+: Version 192 (0xC0), type 1, seq 1, encryption 1
    Oct  6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 26 (0x1A)
    Oct  6 13:52:49: T+: type:AUTHEN/START, priv_lvl:15 action:LOGIN ascii
    Oct  6 13:52:49: T+: svc:LOGIN user_len:0 port_len:6 (0x6) raddr_len:12 (0xC) data_len:0
    Oct  6 13:52:49: T+: user: 
    Oct  6 13:52:49: T+: port:  tty515
    Oct  6 13:52:49: T+: rem_addr:  10.10.10.10
    Oct  6 13:52:49: T+: data: 
    Oct  6 13:52:49: T+: End Packet
    Oct  6 13:52:49: TPLUS(000001BC)/0/NB_WAIT: wrote entire 38 bytes request
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: Would block while reading
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: read entire 12 header bytes (expect 43bytes data)
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: socket event 1
    Oct  6 13:52:49: TPLUS(000001BC)/0/READ: read entire 55 bytes response
    Oct  6 13:52:49: T+: Version 192 (0xC0), type 1, seq 2, encryption 1
    Oct  6 13:52:49: T+: session_id 1523308383 (0x5ACBD75F), dlen 43 (0x2B)
    Oct  6 13:52:49: T+: AUTHEN/REPLY status:4 flags:0x0 msg_len:37, data_len:0
    Oct  6 13:52:49: T+: msg:   0x0A User Access Verification 0x0A  0x0A Username:
    Oct  6 13:52:49: T+: data: 
    Oct  6 13:52:49: T+: End Packet
    Oct  6 13:52:49: TPLUS(000001BC)/0/46130160: Processing the reply packet
    Oct  6 13:52:49: TPLUS: Received authen response status GET_USER (7)
    The 1113 acs failed reports shows:
    External DB is not operational
    thanks,
    james

    Hi James,
    We get External DB is not operational. Could you confirm if under External Databases > Unknown User Policy, and verify you have the AD/ Windows database at the top?
    This error means the external server might not be correctly configured in the ACS external database section.
    Another point is to make sure we have remote agent installed on supported windows server.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.2/installation/guide/remote_agent/rawi.html#wp289013
    Also provide the Auth logs from the server running remote agent, e.g.:
    AUTH 10/25/2007 15:21:31 I 0376 1276 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user v-michal
    AUTH 10/25/2007 15:21:31 E 0376 1276 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1783L)
    thanks,
    Vinay

  • Shared services and workspace login error in epm 11.1.2.3

    Hello,
    When click on the url of shared services and workspace for epm 11.1.2.3
    showing the below error as soon.
    "Internet explorer can not display the webpage error"
    Tried with all supported browsers
    Please suggest all possibles solutions..
    Thanks

    Have you checked the logs to make sure all the web apps are up and running and no errors are being generated?
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • Shared services and Filter

    Hi Guru's
    How can I assign a filter to a group in shared services? I have created one group in shared services and a filter in EAS. Do I have to click on export to shared services? Where in shared services will I see my filter to make it effective on the group?
    thank you

    Hi,
    Refer to this thread. The same was discussed there...
    Re: Granting filters without writing maxl

  • Hyperion EPM: Will Oracle Express suffice for Shared Services and Registry?

    Hi.
    I'm trying to install Hyperion EPM on Linux to make use of the Hyperion Interactive Reporting server components to allow report scheduling, web delivery of reports, etc. My data sources will all be MySQL. I'm at the point where I'm attempting to use the EPM Configurator for setting up Shared Services and Registry Database Connection. It seems my options for choosing a database on which to allow Shared Services and Registry data to reside are limited to 3: Oracle, SQL Server or DB2 (noticeably absent is MySQL)
    So, it looks like I'm going to have to install an Oracle DB instance at the very least.
    My question is this:
    Can I get away with just installing Oracle Express for the Shared Services and Registry or will I have to install a full blown Oracle DB instance?
    Thanks
    -- Tom

    Hi, I confirm that you can use Oracle Express for Shared services and registry. We have installed the complete EPM platform on a single virtual machine using Oracle Express. It’s interesting to use it because Oracle Express uses fewer resources. We can run this virtual machine on a computer that only has 4GB of RAM and get good performance (for a single user).
    I recommend using it for proof-of-concept and Bootcamps.

  • Shared services and Essbase Sync issue

    Hi,
    This morning, all of a sudden, a lot of users raised an issue that they can't see a few applications while connecting through Smart View. I have checked Shared Services and the groups are already provisioned. Finally I ran alter system resync sss and after the syncing it's fine.
    Any reasons why this morning Syncing was not there.
    Thanks..

    Its fascinating, if the users are provisioned too they can see other applications in smart view and that's what I heard but never checked on it, Is there any possible filters where they cant see it ?
    If so please let me know.
