OBIEE 11g: After Apply A Microsoft Kerberos Patch, OBIEE Authentication Fails With "Error 401 Unauthorized" Using Kerberos SSO

(Doc ID 1564879.1)

Last updated on JUNE 28, 2013

Applies to:

Business Intelligence Server Enterprise Edition - Version 11.1.1.6.2 BP1 and later
Information in this document applies to any platform.

Symptoms

You are running Single Sign-On using Active Directory as our user/group data store. This had been working without issues until two weeks ago. Since that time users intermittently cannot connect to OBIEE but instead receive a 401-Not authorized error. Often times they can reboot their workstation and then OBIEE will successfully authenticate and log them in. There are a few users that are unable to login to OBIEE at all no matter how many times they reboot, shutdown, clear their browser cache, etc. OBIEE is working fine for the users that authenticate and are then logged in. If a user cannot authenticate from a particular workstation to one server they also cannot get to any others. Eventually all users start to experience this error.

The following error is seen in the browser when the user fails connection:

 

 

Changes

 Applied patch MS12-069 on the Windows Server, a patch for a Kerberos vulnerability.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms