I've got a test environment with users in 2 Domains, HBEU and HBAP on Active Directory. When users in the HBEU domain try to log on to Access Point they get the following pop-up:
It doesn't even work if they enter their credentials in the above pop-up. However HBAP users can get on to Access Point without issues (no pop-up).
I've had a look in the Directory Service Connector logs and found the following several times:
Warning Search: no match for qualifier HBAP found among resources
I've checked the set-up in QMC and it matches our other services which are running fine for both groups of users.
Has anyone got any suggestions on how to resolve this? Or what the issue might be exactly?
edit: Corrected the domains as I was originally given incorrect info about which was problematic.
The issue has been fixed now. I'm told it was that "IIS Authentication Issue"; some clever person had a DENY USERS rule in it.
Perhaps there are missing access rights on HBAP; then the entry from the LDAP path isn't automatically a successful access (and most often - are you sure the path is correct?). Try in the QMC, in the Users tab, whether you can find and see an HBAP user.
- Marcus
Hi Marcus Sommer I tried to find a user and was successful:
I don't really have experience with this kind of authentication but I think Bill Britt could be helpful.
- Marcus
I've found out from the users that it's actually the HBEU users who are getting the error. When I do a search for an HBEU user they are eventually found but the following time-out message also appears:
Hi,
You need to set up a trust between the two domains. Putting the two domains in the DSC settings doesn't do anything with trusts. That will allow Qlik to read the AD to assign users to documents.
Bill
Hi Bill, I was beginning to think it must be something along those lines myself so I'll follow that up. Does this trust have to be in place at a Server level then? Because I've got other QV environments set up (apparently) identically with the DSC pointing to both these domains and they are working fine.
Hi,
If it is cross domain authentication,
Make sure you have 11.2 SR7 Installed.
Cross domain authentication is made easy in SR7.
Regards
ASHFAQ
Dear Shane,
Could you check under which user ID the Directory Services are running? I mean, just run your services with a domain user who has admin rights on both domains; it must work if both your domains are connected or part of a parent domain.
Thanks Ashfaq, but I work in a large organisation where upgrading to the latest versions of software is a lengthy process by which time there's a new version out. Currently this environment is on version 11.20.12018.0, and we've not got the same issues on other environments that are on this version so it shouldn't be an issue in itself.