Hi All,
First Thing:
I was trying to configure Window Active Directory Authentication in BO for this i have done following steps as mentioned in Admin Guide:
1. Created a service account on BO server machine.
2. Already Set the SPN
3. Trusted this service account for delegation
4. Added this service account to local administrators group.
5. Granted local policy to “Act as part of Operating System”
6. In the CCM changed the account from local system to service account in the “Log on As” section.
7. Configured Windows AD in the CMC
8. In Authentication Options used "Kerberos authentication" and given proper SPN in it.
After doing all the above Steps i am getting "Logon failure due to an internal error" on my webi rich client when logging via windows authentication and on BI launch pad below error:
Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again (FWM 00006).
what is this valid mapped group? i tried using username like "xyz@abc.co.in","abc/xyz","abc.co.in/xyz" name but still same error!
Second:
But when i configure NTLM authentication in CMC i am able to log in webi rich client through windows authentication and i can see the Domain Group in CMC/users and Groups, the users of my windows ad groups are listed there, here still not in BI launch pad the error is
Account Information Not Recognized: The Windows AD plug-in does not support Java in NTLM mode. Please use Kerberos. (FWM 02100)
Yes i used Kerberos but why this error is coming i am totally fed up with this please someone help! 