Hello Everyone,
I would like to set up Securitymode= 3 in tm1. But struggled with SPN set up. gives the error as below:
FindDomainForAccount: Failed to call DsGetDcNameWithAccountW with the return value 0x0000054B.
Account 'PlanTest' was not found.
Syntax i have used was
>setspn -U -F -S tm1s/host.example.com example\PlanTest
where host.example.com where tm1 server is running
PlanTest is tm1 instance
Any idea how to fix.
Setup IntegratedSecuritymode 3
-
- Community Contributor
- Posts: 180
- Joined: Sat May 05, 2018 11:48 am
- OLAP Product: tm1
- Version: 10.3.10100.8
- Excel Version: 14
Re: Setup IntegratedSecuritymode 3
SPN should be set up for the AD account running the TM1 services, not the tm1 service itself.
This:
example\PlanTest
should be
example\TM1ServiceUser
Cheers
This:
example\PlanTest
should be
example\TM1ServiceUser
Cheers
-
- Community Contributor
- Posts: 180
- Joined: Sat May 05, 2018 11:48 am
- OLAP Product: tm1
- Version: 10.3.10100.8
- Excel Version: 14
Re: Setup IntegratedSecuritymode 3
I would like to implement Security mode=3 with Kerberos security. I am running the TM1 server and perspectives in the same machine.
1) Imported the LDAP data into TM1, using ETLDAP
2) tm1s.cfg
SecurityPackageName=Kerberos
IntegratedSecurityMode=3
so now pespectives/Architect working properly.
3)Make tm1web to work, am trying to set SPN, in Services.msc I have changed the TM1 service which is registered as localsystem to domain\user
Question 1) used this cmd>setspn -L example\tm1instance
but its gives the below error
FindDomainForAccount: Failed to call DsGetDcNameWithAccountW with the return value 0x00000525.
Account tm1instance was not found.
Question 2) >setspn -U -F -S tm1s/host.example.com example\PlanTest...what is tm1s??
Question 3) Do i need to set anything in Kerberos parameters in regedit
Provide me the detail info on this.
1) Imported the LDAP data into TM1, using ETLDAP
2) tm1s.cfg
SecurityPackageName=Kerberos
IntegratedSecurityMode=3
so now pespectives/Architect working properly.
3)Make tm1web to work, am trying to set SPN, in Services.msc I have changed the TM1 service which is registered as localsystem to domain\user
Question 1) used this cmd>setspn -L example\tm1instance
but its gives the below error
FindDomainForAccount: Failed to call DsGetDcNameWithAccountW with the return value 0x00000525.
Account tm1instance was not found.
Question 2) >setspn -U -F -S tm1s/host.example.com example\PlanTest...what is tm1s??
Question 3) Do i need to set anything in Kerberos parameters in regedit
Provide me the detail info on this.
-
- Community Contributor
- Posts: 306
- Joined: Mon May 12, 2008 8:11 am
- OLAP Product: TM1
- Version: TM1 11 and up
- Excel Version: Too many to count
Re: Setup IntegratedSecuritymode 3
Have you looked at this thread? http://www.tm1forum.com/viewtopic.php?f ... tlm#p42908
Paul
-
- Community Contributor
- Posts: 180
- Joined: Sat May 05, 2018 11:48 am
- OLAP Product: tm1
- Version: 10.3.10100.8
- Excel Version: 14
Re: Setup IntegratedSecuritymode 3
I have gave the below cmd:
>setspn -U -F -S HTTP/host.domain.com domain\user
host.domain.com – Tm1 server FQDN
but it says..
Error 0x2098 / 8344 -> The access rights are not sufficient for this process.
I have admin rights.
Run the cmd as adminstrator.
Do I need to run the cmd in the machine where Active Directory is installed?
>setspn -U -F -S HTTP/host.domain.com domain\user
host.domain.com – Tm1 server FQDN
but it says..
Error 0x2098 / 8344 -> The access rights are not sufficient for this process.
I have admin rights.
Run the cmd as adminstrator.
Do I need to run the cmd in the machine where Active Directory is installed?