Access Point not working for users in second domai... - Page 2 - Qlik Community

Permalink · ‎2015-07-06

Hi,

We have recently set up a second domain and we are trying to set up our Qlikview configuration to grant users in this domain access to our reports. In the management console I have edited the DSC to include the second Active Directory path, and that has allowed us to assign licenses to these users.

However despite this users from that domain cannot see any reports when the browse to the Access Point page. It loads up fine but there are no visible reports. I've been trying to look around for a solution to this but not had any luck so far, can anyone help point me in the right direction?

Thanks

Permalink · ‎2015-07-08

We are using Publisher yeah. I'll make the change and see if it works

Permalink · ‎2015-07-08

I've just had a look into the events log file on the server and found the following error appear when we tried to access it using the other domain user:

Error

SE_LOG: User - GetStringS: Failed to LookupAccountName2 without using DCName. GLE(1788)

I tried to look this up on the web but couldn't find anything about it.

jltsupport · ‎2019-05-16

Hello, You can try restarting QDSC service on the server for which this error occurs. Works for me after this. Regards, Ieshan Chandra

Daniele_Purrone · ‎2019-05-21

Are the users actually authenticated on the access point?
Do you see '"Welcome, theirname" at the right top corner?
Also, if you check the permissions on the user document, can you see that the users should have access to it?

Daniele - Principal Technical Support Engineer & SaaS Support Coordinator at Qlik
If a post helps to resolve your issue, please accept it as a Solution.

Daniele_Purrone · ‎2019-05-21

Consider that QlikView doesn't do AD authentication. Windows does.
So, when adding an additional domain you need to make sure that the Windows server is able to recognized the users from the other domain (domain trust).

More details here.

Daniele - Principal Technical Support Engineer & SaaS Support Coordinator at Qlik
If a post helps to resolve your issue, please accept it as a Solution.

Brett_Bleess · ‎2019-06-25

What you likely need to do here if you have an SSO frontend that can handle the authentication piece properly, is on our side, put the QVS service into DMS security mode instead of NTFS, and I believe you should likely be able to configure a DSC DSP to get to the other directory, you may have to specify a specific account to read from it depending upon trust relationship etc., but if you can then read, that will allow you to choose users/groups from both domains at that point, and all QVS will be checking for is whether we have a match to a name or group when it gets it from the web server. Most of the time the web server is using Header Auth setup in these cases. Hopefully this may help a little, but to Daniele's point, if the web server is set to use NTLM, then you would have to have trusts in place between the domains such that the web server would be able to process authentication requests for either domain. Hopefully this makes a little sense.

Regards,
Brett

To help users find verified answers, please do not forget to use the "Accept as Solution" button on any post(s) that helped you resolve your problem or question.
I now work a compressed schedule, Tuesday, Wednesday and Thursday, so those will be the days I will reply to any follow-up posts.

Access Point not working for users in second domain

Web Server