In my attempts to have users use Kerberos authentication to access AS, I
found that the MSSQL OLAP service needed to be logged in as a domain
account. I created a new account, like DBUSER and gave this account OLAP
group permissions. I also changed the BIN and DATA directories giving
DBUSER full access rights.

The service starts successfully, but Analysis Manager cannot connect. (and
my kerberos issues are not resolved)

Any suggestions for converting OLAP from a local service account to a domain
account?

Thanks

Bill

I presume this:
* You have the Active Directory up & running
* Your AS server is on a dedicated server
* Your database server is on a dedicated server (not the same as you OLAP
one)

first, the BDUser must be a member of the "OLAP Administrator" local group
(on the AS Server)
This user must have (at least) read acces to your source database if you use
the integrated security option in your data source definition.
Kerberos is not required at this step.
Kerberos is required to delegate end users during olap cube access in
multi-tier application (like ASP.Net application).
Kerberos is not required for Analysis Manager access.

What is your data source?
Which account is used to access it?


"Bill Hays" <bhays (AT) comtime (DOT) com> wrote

You presume well! Active Directory is up and running.
AS server is on a dedicated computer.
The database we are using is simply foodmart, but our future production
environment will be a different server.
Kerberos, we will be needing that soon, as we intend to access the cubes
from IIS using msolap.asp

The data source, I dont seem to get that far...
Using the Administrator account to start Analysis Manager

Now for somemore details...

Both accounts DBUSER and ADMINISTRATOR are in the "OLAP Administrator" AD
Group.

Analysis Manager attempts to connect, but I get the message:

"Unable to connect to the registry on the server (ASSERVER), or you are not
a member of the OLAP Administrators grouip on this server"

Other than changing the service startup username (DBUSER) , are there some
registry changes that I need to make?

Thanks in advance for any ideas.

Bill


"Jéjé" <willgart (AT) BBBhotmailAAA (DOT) com> wrote

there is a bug in AS SP3 (maybe before sp3 too) where the registry entry is
misconfigured and the OLAP Administrator group has NO access !!!
search for this entry and modify the security:
HKEY_LOCAL_MACHINE\SOFTWARE\Mi*crosoft\OLAP Server
and insure also that the same group has access to C:\Program Files\Microsoft
Analysis Services
and also to the shared folder (an hidden one) $MSOLAP is shared and
accessible by the olap admin group.


"Bill Hays" <bhays (AT) comtime (DOT) com> wrote

Almost!

Major oversight on my part to tell you that I am using the new Windows 64
bit (EM64T), along with 64 bit SQL server. I brought up regedit, and
couldn't even find the OLAP server keys. I started up the 64 bit version of
regedit from the wow64sys directory and was able to verify the security
settings for the OLAP keys. They were correct.

I verified that the MSOLAPRepository$ is the same on my server.

I have a second computer setup for testing OLAP, but it is an old P3 with 32
bit SQL. It acts exactly the same way, so I don't think I am looking at a
64 bit issue.

I'll keep testing and see if I can figure something out...

Thanks,

Bill



"Jéjé" <willgart (AT) BBBhotmailAAA (DOT) com> wrote

Hi Bill,

How about your test? Have you resolved it yet? If there is anything I could
contribute to help on this topic, please don't hesitate to let me know.


Sincerely yours,

Michael Cheng
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.

This and other support options are available here:
BCPS:
https://partner.microsoft.com/US/tec...rview/40010469
Others: https://partner.microsoft.com/US/tec...pportoverview/

If you are outside the United States, please visit our International
Support page: http://support.microsoft.com/common/international.aspx
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.

Michael,

Thanks for checking up.

I was able to replicate the problem with a 32 bit Pentium 4 server,
concluding it is not a 64 bit SQL issue.

I was successful this morning in getting everything working.

I had two problems, the first was that the 32 bit server was not setup
correctly into the AD, and the OLAP Administrator group only existed on the
local sever.

My issue on the 64 bit server was really an issue of regedit, I needed to
run the sysWOW64 verson to see the correct registry keys, then make sure
that the permisions are changed to the entire tree.

Now, I am going to be trying my Kerberos, which I suspect will work better
now that the OLAP service is running with proper permissions.

Thanks,

Bill Hays





"Michael Cheng [MSFT]" <v-mingqc (AT) online (DOT) microsoft.com> wrote

Hi Bill,

Thanks for your email and sharing the knowledge with us.

If you have any questions or concerns next time, don't hesitate to let me
know. We are always here to be of assistance!


Sincerely yours,

Michael Cheng
Microsoft Online Partner Support

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===

This posting is provided "AS IS" with no warranties, and confers no rights.