Failed to sync with user provisioning. Check Planning log for details

Issue:
Even though a user is provisioned for a Planning application in Shared Services, when you try to log into that application by that user you get following error:
Failed to sync with user provisioning. Check Planning log for details

The basic reason for this issue is the SID (Security token IDentifier) mismatch between Shared Services and Planning repository for a user. In other words  even though the User/Group name is same in both repositories but the identifier is different. Point to note: Planning uses SIDs, not the User or Group name for syncing and internal communication. 

There may be times when you will be able to log into a planning application using few users and few of them will give this sync error. A simple way to check if you are running into SID mismatch issue is to check the SID in Shared Services schema table CSS_USERS/GROUPS and HSP_USERS/GROUPS.  Utilities which we use to sort this issue are ProvisionUsers and UpdateUsers but sometimes these utilities won’t give you the expected results. Here is a way to resolve this issue when above utilities doesn't work.

Let’s take a live example here, I have an application in which I can login using admin user but can’t log in using HypAdmin user though both of them are admin to this application in HSS, I tried running above utilities but still no luck.

Here when I tried to log in as admin to the application replica









Now when I tried to log in as hypadmin

Now let’s find the reason for this out of sync:
SELECT IDENTITY_ID  FROM [HYP].[dbo].[CSS_USERS] where  NAME like 'hypadmin';
Result: native://nvid=bee6d6feba94f924:5e6288bc:13fc9557697:-7a6a?USER

SELECT SID FROM [replicaTest].[dbo].[HSP_USERS] 
WHERE USER_ID = (SELECT OBJECT_ID FROM [replicaTest].[dbo].[HSP_OBJECT] WHERE OBJECT_NAME LIKE 'hypadmin')
Result: native://DN=cn=ca9436fdd94d1052:7a0c25f4:13c522b9cdd:-6b1c,ou=People,dc=css,dc=hyp,dc=
com?USER

It means the SIDs are not in sync between HSS and Planning, in this case there was a different reason for SID mismatch (I had a MSAD user and Native User with the same name HypAdmin to sort out that issue have a look at this blog post)

Solution for this issue is really simple:

Update planning with the ID in the HSS.

UPDATE [replicaTest].[dbo].[HSP_USERS] SET SID = 'native://nvid=bee6d6feba94f924:5e6288bc:13fc9557697:-7a6a?USER'
WHERE USER_ID = (SELECT OBJECT_ID FROM [replicaTest].[dbo].[HSP_OBJECT] WHERE OBJECT_NAME LIKE 'hypadmin')

Restart Planning and try login to application replica using hypadmin user.

 



Oracle documented solutions for this issue are:
Receiving Error "Failed to Sync with User Provisioning. Check Planning logs for details" When Importing Security Access Permissions Artifacts Via LifeCycle Management Utility. [ID 1360954.1]
Hyperion Planning Error: "Failed to sync with user provisioning. Check planning log for details." [ID 1127664.1]


Cheers...!!!
Rahul S.

Comments

Post a Comment

Popular posts from this blog

Multiple Navigation Flows are Active

Image
We have witnessed an issue where application migration or sometimes service restart in PBCS/EPBCS activates multiple navigation flows.  If multiple navigation flows are active you wont be able make changes in any of them, because in order to make change in navigation flow you have to make it inactive. Typically you may end up in following situation:  Solution is pretty simple: 1. Create a copy of any of the existing navigation flow:  2. Give it any desired name:  3. Now, you will see one additional navigation flow, with inactive status: 4.  Make it active: 5.  At this point of time you will have one active navigation flow and two inactive  6. Select the additional navigation flow you have created and delete it  7. Now you are back in business: Rahul S.
Read more

The Member Does Not Exists For The Specified Cube

Image
The member "" does not exist for the specified cube or you do not have access to it. Issue:  If you are running into a issue, where for a RTP member selection is throwing an error for a missing member, this regardless of the member you have selected in RTP or regardless of rule. You may be able to execute the rule from Calc Manager and not from Planning. Reason: You may run into this issue if: 1. You have added members in Planning and have not refreshed the cube 2. For the default value of a RTP in calc member you have a member which is not valid any more for planning application 3. For the default value of a RTP in calc member you have a member which is not valid any more for a plan type Solution: 1. Refresh cube 2. Update Default value of RTP which is causing issue to member which exists 3. Deploy the rule Rahul S.
Read more

"Smart View handled an unknown exception thrown by Microsoft Office" Error on Vista, Windows 7, Windows 2008

My MS-Office Components are Crashing After Installing Smart View on Vista, Windows 7, Windows 2008! This is one more one pretty common issue,   "Smart View handled an unknown exception thrown by Microsoft Office."   This is actually a known issue in version 11.1.2.1. If you look at the read me of Smart View you will find bug# 11696583 "On Vista, Windows 2008, and Windows 7 operating systems, Excel may terminate abruptly upon launching after you install Smart View. Workaround: Turn off “User Access Control” in User Accounts, available from the Control Panel." Here is the link to read me: http://download.oracle.com/docs/cd/E17236_01/epm.1112/readme/sv_1112100_readme.html When the User Access Controls are on Smart View faces problem in registering, when you set it off Smart View register itself like a charm. To have more information on UAC: http://technet.microsoft.com/en-us/library/cc709691(WS.10).aspx Now, when y...
Read more