If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

401 - Unauthorized: Access is denied due to invalid credentials?

Started by hrk551, 27 Jan 2012 02:35:03 PM

Previous topic - Next topic

hrk551

Hi,

we are using AD, and  I have followed all the steps to create virtual directories and set SSO and I was successful (i.e i was able to login to cognos connection with out providing any credentials). after a gap of 2 week I tried to open cognos connection and its prompting for a user Id password. I dont understand what ha chnaged in this two weeks. But when I login to cognos connection from the web server its self I am successfu, its only I am not able to login from outside. And the hard part is after providing credentials I am not able to login from outside. Any ideas wats going on.

Thank you.

zviko

are youusaying you can't login using the credentials you uprovided? and when you login through the webserver, do you provide any credentilas or it's anonymous?

SomeClown

Add the webserver to the Local Intranet security zone on the web client machine  (Tools | Internet Options in IE)

Grim

Quote from: SomeClown on 31 Jan 2012 06:27:35 AM
Add the webserver to the Local Intranet security zone on the web client machine  (Tools | Internet Options in IE)

This is what I was going to suggest.

Out of curiosity, are you launching IE on the same machine that Cognos is installed on? If yes, what happens if you try to launch it from a separate machine(Not the server)?
"Honorary Master of IBM Links"- MFGF
Certified IBM C8 & C10 Admin, Gamer, Geek and all around nice guy.
<-Applaud if my rant helped! 8)

hrk551

Hi all,

Its working now, but dont ask me the reasons I dont have any idea. All I did is one I enabled Anonymus>> restart IIS >> logged in using credentials >> Disabled anonymous >> restart IIS>> and same credntial issue
>> Next day working properly, with SSO.

Not able to point out the issue.

Thankx ..HRK

kommireddy

You need to make sure IUSER_<server name> is not part of Guests windows security group. Go to computer management, under Local users and Groups, select Groups, double click on Guests, remove IUSER_<server name> entry from there.

Jaro2

also, if your ads-users are member of a large amount of rolls (in our case up to 500 rolls), check the value MaxHttpHeaderSize in the Tomcat /conf/server.xml. (set to 32768)

Perhaps you need to add e few registry-keys for IIS, like 'MaxFieldLength' (65534) and 'MaxRequestBytes (16777216) in HKLM\system\currentcontrolset\services\http\parameters.

In short: to much information is passed in the http-headers.....

Check this: http://support.microsoft.com/kb/2020943