SAP BusinessObjects 4.0/4.1 Single Sign On
On our BI platform we had the problem that Windows AD SSO didn't work for some specific users, they just saw the error message "Internet Explorer cannot display the webpage" when trying to access Launch Pad.
After some research we found out that those users are members in a very large number of Windows AD groups, which are sent in the HTTP header when using Sindle Sign On.
The first step to fix that is well documented in the SAP guides.
You have to include the maxHttpHeaderSize="65536" in the 8080 Connector Port tag of your E:\Program Files (x86)\SAP BusinessObjects\Tomcat6\conf\server.xml- file.
But there might be another configuration necessary too. There is the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize" - parameter in the Windows registry, which must be set on every involved client - so this should be done via group policy.
If the max. token size is still too small, you should reduce the number of groups.
Friday, December 6, 2013
Analysis for Office timeout issues (HTTP request unouthorized)
SAP BusinessObjects 4.0/4.1 Analysis for Office 1.4
If you try to connect to a new data source and you notice after an inactivity time of 30 minutes the following error message, you may have to increase the timeout parameter in your web.xml file of your dswsbobje-service.
- Error: General .NET Exception:
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate'.The remote server returned an error: (401) Unauthorized.
>> General .NET Exception:
System received an expired SSO ticket
at SAP.Middleware.Connector.RfcConnection.ThrowRfcErrorMsg()
at SAP.Middleware.Connector.RfcConnection.ReadBytes(Byte* buffer, Int32 count)
at SAP.Middleware.Connector.RfcConnection.ReadRfcIDBegin(Int32& length)
at SAP.Middleware.Connector.RfcConnection.ReadUpTo(RFCGET readState, RfcFunction function, RFCID toRid)
at SAP.Middleware.Connector.RfcConnection.RfcReceive(RfcFunction function)
at SAP.Middleware.Connector.RfcConnection.ConnectAsClient(RfcDestination destination, Boolean forRepository)
It's is quite common and well documented to increase the timeout value for Launch Pad, but you can do this also for the dswsbobje-service to overcome that error.
To do that, open your web.xml-file (\SAP BusinessObjects\tomcat\webapps\dswsbobje\WEB-INF) and add the following lines inside the web-app-tag to increase the timeout parameter to 120 minutes in this example.
<session-config>
<session-timeout>120</session-timeout>
</session-config>
Restart your Tomcat-Service.
If you try to connect to a new data source and you notice after an inactivity time of 30 minutes the following error message, you may have to increase the timeout parameter in your web.xml file of your dswsbobje-service.
- Error: General .NET Exception:
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate'.The remote server returned an error: (401) Unauthorized.
>> General .NET Exception:
System received an expired SSO ticket
at SAP.Middleware.Connector.RfcConnection.ThrowRfcErrorMsg()
at SAP.Middleware.Connector.RfcConnection.ReadBytes(Byte* buffer, Int32 count)
at SAP.Middleware.Connector.RfcConnection.ReadRfcIDBegin(Int32& length)
at SAP.Middleware.Connector.RfcConnection.ReadUpTo(RFCGET readState, RfcFunction function, RFCID toRid)
at SAP.Middleware.Connector.RfcConnection.RfcReceive(RfcFunction function)
at SAP.Middleware.Connector.RfcConnection.ConnectAsClient(RfcDestination destination, Boolean forRepository)
It's is quite common and well documented to increase the timeout value for Launch Pad, but you can do this also for the dswsbobje-service to overcome that error.
To do that, open your web.xml-file (\SAP BusinessObjects\tomcat\webapps\dswsbobje\WEB-INF) and add the following lines inside the web-app-tag to increase the timeout parameter to 120 minutes in this example.
<session-config>
<session-timeout>120</session-timeout>
</session-config>
Restart your Tomcat-Service.
SAP BO Training Recommendation
I made really bad experiences with the SAP BO Online Training Courses. They are quite expensive and you waste too much time when a computer voice explains you how to use the scroll bar (I am not joking) in your browser or how to create a new folder in Launch Pad or when you have to watch again and again how to enter the BO System name in a textbox in the training videos.
If you don't know this site yet, check it out, I can fully recommend it and the best thing it is free: https://open.sap.com/
You can participate in different weekly-based only courses, which are really well made. The whole material can be downloaded and at the end you can make a small test.
Good luck!
Subscribe to:
Posts (Atom)