Wednesday, December 26, 2012

Updating Security GUIDs in OBIEE 11g

Best practice is to update the user GUIDs after changing the directory server used as the data source for the authentication provider. If the same user name exists in both directory servers (original and new), the original user GUID may conflict with the user GUID contained in new directory server. A refresh forces the system to reference the user GUID contained in the new directory server. Authentication errors may result if the GUIDs are not refreshed and the system detects a mis-match for the user GUID.
The GUIDs stored in the BI Presentation Catalog or RPD can be resynchronized as follows:


Before going into the below.

We normally

1. Stop OPMN services
2. Upload rpd and catalog in EM
3. Amend the NQSConfig and Instance Config as below.
4. Start OPMN services and Presentation service will be down
5. Stop OPMN services
6. Ammend NQSConfig and Instanceconfig.INI revert changes to normal
7. Start OPMN services

Refreshing the GUIDs requires that you stop and restart the System components from the command line and not Fusion Middleware Control

Sometimes when moving catalog and rpd to a new instance various errors occur with logging in.

Anyway try updating the GUID’s...............

Take a backup of the NQSConfig.xml file

Open the NQSConfig.INI file for editing.

Location
MiddlewareHome/instances/instance1/config/OracleBIServerComponent/coreapplication_obis1/

Locate the setting FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = NO and change its value to YES

Save the file.

Next goto

Location
MiddlewareHome/instances/instance1/config/OracleBIPresentationServicesComponent/coreapplication_obips1/

Take a backup of the instanceconfig.xml file.

Modify the original instanceconfig.xml file to so that the Oracle BI Presentation Server refresh’s the GUIDs on restart.  Edit the file to add the UpdateAccountGUIDs line in the following example. 
<Catalog>
 <UpgradeAndExit>false</UpgradeAndExit>
<UpdateAccountGUIDs>UpdateAndExit</UpdateAccountGUIDs>
 </Catalog>


Once done save the instanceconfig.xml file

Restart the OPMN Services.

The following components are involved: Oracle BI Presentation Server, Oracle BI Server, Oracle BI Scheduler, Oracle BI Cluster Controller, and Oracle BI JavaHost


Using commands.

$MW_HOME/instances/instance1/bin/opmnctl stopall

$MW_HOME/instances/instance1/bin/opmnctl startall

$MW_HOME/instances/instance1/bin/opmnctl status

You might notice the sawserver has not started if this is the case revert the instanceconfig.xml to the copy we made earlier and restart again.

Once all complete


Edit the NQSConfig.INI file to reset the FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = YES to NO and  edit the instanceconfig.xml and set the line <UpdateAccountGUIDs>none<UpdateAccountGUIDs> to none.

Restart the OPMN services like we did earlier in the post.