If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Active Directory Configuration with Cognos 10.2

Started by xplorerdev, 20 Dec 2012 05:41:58 AM

Previous topic - Next topic

xplorerdev

Hi All,

I have just now installed Active Directory Domain Services onto our Windows 2008 R2 Edition Server.
FQDN = ad.local
User = ad.local\Administrator
Pswd = AXSphy@1
Physical Server Static IP: 172.16.33.8


Now, I am trying to configure this Active Directory in Cognos 10.2

In Cognos Configuration Manager > Authentication, I have done the following:

Created New Namespace = AD
Namespace ID = AD
Host and port = 172.16.33.8:389
Binding Credentials UserID: ad.local\Administrator
Binding Credential Pswd: AXSphy@1
Time out in seconds = -1
Size limit = -1

Under AD, I have set "Restrict Access to members of the huilt-in namespace" to TRUE.

Under Cognos, i.e. the default namespace, I have set "Allow anonymous access" to FALSE.

When I Test the AD namespace, I get the following error messages:

[''AD'']
[ ERROR ] CAM-AAA-0146 The namespace 'AD' is not available.
[ ERROR ] CAM-AAA-0064 The function 'Configure' failed.
[ ERROR ] CAM-AAA-0089 The provider is not initialized.
[ ERROR ] ADSI Error HRESULT Returns:
ERROR_DS_SERVER_DOWN
ADSI Error:

System Error:
The server is not operational.

[ ERROR ] CAM-AAA-0124 The Active Directory function call to 'getDomainTreesTopology' failed.



Any suggestions/advice will be highly appreciated.


Thanks n Regards
Dev

Grim

Try an anonymous bind. Clear out the bind credentials.
"Honorary Master of IBM Links"- MFGF
Certified IBM C8 & C10 Admin, Gamer, Geek and all around nice guy.
<-Applaud if my rant helped! 8)

sir_jeroen

You say FQDN is AD.LOCAL but I assume this is your domain.
A FQDN consists of: <Servername>.<domain> e.g. dc1.cognos.com (old memories must be kept alive ;-) )
so
servername = dc1
domain = cognos.com

I would do this:

Created New Namespace = AD
Namespace ID = AD
Host and port = AD.LOCAL:389 Let Cognos talk to the domain and let the controller handle the load balancing :D
Binding Credentials UserID: ad.local\Administrator
Binding Credential Pswd: AXSphy@1
Time out in seconds = <Leave default>
Size limit = <Leave default>


xplorerdev

Hi Grim,

Thanks for your reply.

I removed the binding credentials. But now I am getting the following error:

[''AD'']
[ ERROR ] CAM-AAA-0146 The namespace 'AD' is not available.
[ ERROR ] CAM-AAA-0064 The function 'Configure' failed.
[ ERROR ] CAM-AAA-0089 The provider is not initialized.
[ ERROR ] CAM-AAA-0036 Unable to authenticate because the credentials are invalid.
[ ERROR ] ADSI Error:
8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1
System Error:
Logon failure: unknown user name or bad password.



Hi ReportNet Addict,

Thanks for your reply.

I tried what you have suggested. But now I am getting the following error:

[''AD'']
[ ERROR ] CAM-AAA-0146 The namespace 'AD' is not available.
[ ERROR ] CAM-AAA-0064 The function 'Configure' failed.
[ ERROR ] CAM-AAA-0043 The LDAP directory server 'AD.LOCAL':'389' is not running.
[ ERROR ] ADSI Error HRESULT Returns:
ERROR_DS_SERVER_DOWN
ADSI Error:

System Error:
The server is not operational.



Thanks to both of you for your replies. Looking forward for more suggestions.


Thanks n Regards
Dev

sir_jeroen

#4
If you do a "ping localhost"?
You should get a correct FQDN. Remove the servername and you have your domain name.
What response do you get when you do "ping AD.local"?

xplorerdev

Hi ReportNet Addict,

Thanks for your time and prompt replies.

The ping yields the following results:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>ping localhost

Pinging AXS-Host.ad.local [::1] with 32 bytes of data:
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms
Reply from ::1: time<1ms

Ping statistics for ::1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Administrator>ping ad.local

Pinging ad.local [172.16.33.8] with 32 bytes of data:
Reply from 172.16.33.8: bytes=32 time<1ms TTL=128
Reply from 172.16.33.8: bytes=32 time<1ms TTL=128
Reply from 172.16.33.8: bytes=32 time<1ms TTL=128
Reply from 172.16.33.8: bytes=32 time<1ms TTL=128

Ping statistics for 172.16.33.8:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Administrator>



The above ping results are from inside the physical server. When I do a ping AXS-Host.ad.local from my Cognos server (mentioned below), it gives  message saying that "Could not find host." This does not seem OK I guess  :-[

OK. Just to let you know:

172.16.33.8 is our physical server where I have configured the Active Directory.

Cognos 10.2 is installed on 172.16.33.6, which is a virtual machine on the above mentioned physical server.


Thanks n Regards
Dev

SomeClown

QuoteI have just now installed Active Directory Domain Services onto our Windows 2008 R2 Edition Server.
FQDN = ad.local
User = ad.local\Administrator
Pswd = AXSphy@1
Physical Server Static IP: 172.16.33.8

Is this a test lab that you are creating your own AD instance?  Normally you would just use whatever one you are running on.  If you already have one (you log into a domain to do all this work), you're going to have problems getting authentication to work against the newly installed AD.  If it's isolated (the machines are in a workgroup), you'll need to probably ensure that your machines gets repointed into your new AD server, and have users set up in that instance.  The Cognos server cannot find the AD host since the DNS entries are probably not set up for that.

Normally, you just use your existing domain for authentication.  Specify   corpdomain.com:389 or  corp.local:389 or a variation  as the location for the existing AD.

sir_jeroen

Well the ping results tell me that your Cognos server can't connect to the AD so first you'll have to fix this... Otherwise all efforts are for nothing.