Active Directory Configuration with Cognos 10.2

[xplorerdev]

Hi All,

I have just now installed Active Directory Domain Services onto our Windows 2008 R2 Edition Server.
FQDN = ad.local
User = ad.local\Administrator
Pswd = AXSphy@1
Physical Server Static IP: 172.16.33.8


Now, I am trying to configure this Active Directory in Cognos 10.2

In Cognos Configuration Manager > Authentication, I have done the following:

Created New Namespace = AD
Namespace ID = AD
Host and port = 172.16.33.8:389
Binding Credentials UserID: ad.local\Administrator
Binding Credential Pswd: AXSphy@1
Time out in seconds = -1
Size limit = -1

Under AD, I have set "Restrict Access to members of the huilt-in namespace" to TRUE.

Under Cognos, i.e. the default namespace, I have set "Allow anonymous access" to FALSE.

When I Test the AD namespace, I get the following error messages:

[''AD'']
[ ERROR ] CAM-AAA-0146 The namespace 'AD' is not available.
[ ERROR ] CAM-AAA-0064 The function 'Configure' failed.
[ ERROR ] CAM-AAA-0089 The provider is not initialized.
[ ERROR ] ADSI Error HRESULT Returns:
ERROR_DS_SERVER_DOWN
ADSI Error:

System Error:
The server is not operational.

[ ERROR ] CAM-AAA-0124 The Active Directory function call to 'getDomainTreesTopology' failed.


Any suggestions/advice will be highly appreciated.


Thanks n Regards
Dev

[Grim]

Try an anonymous bind. Clear out the bind credentials.

[sir_jeroen]

You say FQDN is AD.LOCAL but I assume this is your domain.
A FQDN consists of: <Servername>.<domain> e.g. dc1.cognos.com (old memories must be kept alive ;-) )
so
servername = dc1
domain = cognos.com

I would do this:

Created New Namespace = AD
Namespace ID = AD
Host and port = AD.LOCAL:389 Let Cognos talk to the domain and let the controller handle the load balancing :D
Binding Credentials UserID: ad.local\Administrator
Binding Credential Pswd: AXSphy@1
Time out in seconds = <Leave default>
Size limit = <Leave default>

[xplorerdev]

Hi Grim,

Thanks for your reply.

I removed the binding credentials. But now I am getting the following error:

[''AD'']
[ ERROR ] CAM-AAA-0146 The namespace 'AD' is not available.
[ ERROR ] CAM-AAA-0064 The function 'Configure' failed.
[ ERROR ] CAM-AAA-0089 The provider is not initialized.
[ ERROR ] CAM-AAA-0036 Unable to authenticate because the credentials are invalid.
[ ERROR ] ADSI Error:
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1
System Error:
Logon failure: unknown user name or bad password.


Hi ReportNet Addict,

Thanks for your reply.

I tried what you have suggested. But now I am getting the following error:

[''AD'']
[ ERROR ] CAM-AAA-0146 The namespace 'AD' is not available.
[ ERROR ] CAM-AAA-0064 The function 'Configure' failed.
[ ERROR ] CAM-AAA-0043 The LDAP directory server 'AD.LOCAL':'389' is not running.
[ ERROR ] ADSI Error HRESULT Returns:
ERROR_DS_SERVER_DOWN
ADSI Error:

System Error:
The server is not operational.


Thanks to both of you for your replies. Looking forward for more suggestions.


Thanks n Regards
Dev

[sir_jeroen]

If you do a "ping localhost"?
You should get a correct FQDN. Remove the servername and you have your domain name.
What response do you get when you do "ping AD.local"?

[xplorerdev]

Hi ReportNet Addict,

Thanks for your time and prompt replies.

The ping yields the following results:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>ping localhost

Pinging AXS-Host.ad.local [::1] with 32 bytes of data:
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms

Ping statistics for ::1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Administrator>ping ad.local

Pinging ad.local [172.16.33.8] with 32 bytes of data:
Reply from 172.16.33.8: bytes=32 time<1ms TTL=128
Reply from 172.16.33.8: bytes=32 time<1ms TTL=128
Reply from 172.16.33.8: bytes=32 time<1ms TTL=128
Reply from 172.16.33.8: bytes=32 time<1ms TTL=128

Ping statistics for 172.16.33.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Administrator>


The above ping results are from inside the physical server. When I do a ping AXS-Host.ad.local from my Cognos server (mentioned below), it gives  message saying that "Could not find host." This does not seem OK I guess  :-[

OK. Just to let you know:

172.16.33.8 is our physical server where I have configured the Active Directory.

Cognos 10.2 is installed on 172.16.33.6, which is a virtual machine on the above mentioned physical server.


Thanks n Regards
Dev

[SomeClown]

I have just now installed Active Directory Domain Services onto our Windows 2008 R2 Edition Server.
FQDN = ad.local
User = ad.local\Administrator
Pswd = AXSphy@1
Physical Server Static IP: 172.16.33.8

Is this a test lab that you are creating your own AD instance?  Normally you would just use whatever one you are running on.  If you already have one (you log into a domain to do all this work), you're going to have problems getting authentication to work against the newly installed AD.  If it's isolated (the machines are in a workgroup), you'll need to probably ensure that your machines gets repointed into your new AD server, and have users set up in that instance.  The Cognos server cannot find the AD host since the DNS entries are probably not set up for that.

Normally, you just use your existing domain for authentication.  Specify   corpdomain.com:389 or  corp.local:389 or a variation  as the location for the existing AD.

[sir_jeroen]

Well the ping results tell me that your Cognos server can't connect to the AD so first you'll have to fix this... Otherwise all efforts are for nothing.