Problem(Abstract) When testing an AD Authentication Provider configured on a Workgroup Server that points to an Active Directory(AD) Domain Controller fails with the following error: Symptom ['Active Directory']1. [ ERROR ] CAM...
显示全部Problem(Abstract)
When testing an AD Authentication Provider configured on a Workgroup Server that points to an Active Directory(AD) Domain Controller fails with the following error:
Symptom
['Active Directory']
1. [ ERROR ] CAM-AAA-0146 The namespace 'AD' is not available.
CAM-AAA-0064 The function 'CAM_AAA_Configure2' failed.
CAM-AAA-0089 The provider is not initialized.
ADSI Error HRESULT Returns:
ERROR_DS_SERVER_DOWN
ADSI Error:
System Error:
The server is not operational.
CAM-AAA-0124 The Active Directory function call to 'getDomainTreesTopology' failed.
Environment
Cognos 8.3 running in a Windows 2003 R2 SP2 WORKGROUP with the AD Authentication set to a Windows 2003 R2 SP2 Domain
Resolving the problem
On the Workgroup Server:
Enable the following Security Options using the Group Policy Editor:
Network security: LAN Manager authentication level: Send LM & NTLM responses,
Network security: LDAP client signing requirements - Negotiate signing.
Use the ipconfig to Flush DNS and delete all ARP cache.
On the Domain Controller:
Enable the following Security Options using the Group Policy Editor:
Network security: LAN Manager authentication level: Send LM & NTLM responses,
Network security: LDAP client signing requirements - Negotiate signing.
User rights Assignment: Create a token object - Administrators, Local service, network service
Steps on the Workgroup:
1. Start - Run - GPEDIT.MSC
2. Navigate to: / Computer Configuration/ Windows Settings / Security Settings / Local Policies / Security Options
3. Make the following changes: Network security: LAN Manager authentication level: Send LM & NTLM responses, Network security: LDAP client signing requirements - Negotiate signing.
4. Add the DNS Suffix to the Workgroup Server Name: Rightclick My Computer - Properties - Computer Name - Change - More - add any Domain Suffix.
5. Open a DOS window and type: ipconfig /FLUSHDNS, ipconfig /REGISTERDNS, arp -d
Steps On the Domain Controller:
1. Start - Run - GPEDIT.MSC
2. Navigate to: / Computer Configuration/ Windows Settings / Security Settings / Local Policies / Security Options
3. Make the following changes: Network security: LAN Manager authentication level: Send LM & NTLM responses, Network security: LDAP client signing requirements - Negotiate signing.
4. Make the following changes: User rights Assignment: Create a token object - Administrators, Local service, network service
收起