
AAA-SYS-0001 Error

Started by Jayson.A, 10 Jun 2014 07:58:18 AM


Jayson.A

Hello,

I'm sure many of you have at one point in time experienced the following error (CM-REQ-4342 An error occurred with the client. AAA-SYS-0001 An internal error occurred. xts.runjava.lang.RuntimeException: Expected a single account object java.lang.RuntimeException)

I've been battling this error since Cognos 8 and into Cognos 10. After 3 years of troubleshooting I believe we finally narrowed it down, and I wanted to share my thoughts with everyone.

So if you are using Single Sign On via Active Directory, Cognos will use Kerberos tickets to authenticate. By default it seems Active Directory sets the end date of the ticket and the renewal date to the same thing.

Example:

Client: BobJones @ BobJones.Domain.COM
Server: HTTP/CognosPortal.BobJones.Domain.COM @ BobJones.Domain.COM
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
Ticket Flags 0x41a45400 -> forwardable renewable pre_authent ok_as_delegate
Start Time: 6/10/2014 8:17:00 (local)
End Time:   6/10/2014 17:41:58 (local)
Renew Time: 6/10/2014 17:41:58 (local)

Session Key Type: RSADSI RC4-HMAC(NT)


You can see from the Kerberos ticket above that the end date and the renew date are the same. Apparently this happens when OU inheritance is turned off in AD, but I have yet to confirm this.

You can get these details by running "klist tickets" from a cmd prompt on the user's machine.

Has anyone had this issue and confirmed this?

Thanks,
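
Added example (not part of the original post): a small parser for saved "klist tickets" output that lists the service tickets whose Renew Time is not later than their End Time, the condition described in the post. It assumes the field layout and US-style date format shown above; the function names and the second sample ticket are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample: ticket #0 uses the values from the post, ticket #1 is invented.
SAMPLE = """\
#0> Client: BobJones @ BobJones.Domain.COM
    Server: HTTP/CognosPortal.BobJones.Domain.COM @ BobJones.Domain.COM
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
    Ticket Flags 0x41a45400 -> forwardable renewable pre_authent ok_as_delegate
    Start Time: 6/10/2014 8:17:00 (local)
    End Time:   6/10/2014 17:41:58 (local)
    Renew Time: 6/10/2014 17:41:58 (local)

#1> Client: BobJones @ BobJones.Domain.COM
    Server: krbtgt/BobJones.Domain.COM @ BobJones.Domain.COM
    Start Time: 6/10/2014 8:17:00 (local)
    End Time:   6/10/2014 18:17:00 (local)
    Renew Time: 6/17/2014 8:17:00 (local)
"""

# Only these fields matter here; an optional "#N>" index may precede "Client:".
FIELD = re.compile(
    r"^\s*(?:#\d+>\s*)?(Client|Server|Start Time|End Time|Renew Time):\s*(.+?)\s*$")
TIME_FMT = "%m/%d/%Y %H:%M:%S"  # assumption: US locale, as in the post

def parse_time(value):
    # Drop the trailing "(local)" marker before parsing the timestamp.
    return datetime.strptime(value.replace("(local)", "").strip(), TIME_FMT)

def parse_tickets(text):
    """Split klist output into one dict per ticket (a block starts at 'Client:')."""
    tickets, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # encryption type, flags, blank lines, etc.
        key, value = m.groups()
        if key == "Client":
            current = {}
            tickets.append(current)
        if current is not None:
            current[key] = parse_time(value) if key.endswith("Time") else value
    return tickets

def non_renewable_window(tickets):
    """Return Server names whose Renew Time is not later than End Time."""
    return [t["Server"] for t in tickets
            if "End Time" in t and "Renew Time" in t
            and t["Renew Time"] <= t["End Time"]]

if __name__ == "__main__":
    for server in non_renewable_window(parse_tickets(SAMPLE)):
        print("renew window equals ticket lifetime:", server)
```

To check a real machine, redirect the klist output to a file and pass its contents to parse_tickets() instead of SAMPLE.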