TM1 Forum

I have been trying to get integrated login just for Architect and have had no luck.

Can someone help validate some points for me?

I have Security set as Kerberos and Login Mode as 2. The only other change I have made is to add the login id user@domain to the unique filed in the client properties cube. The TM1 admin service and server are both running on a windows domain service account (the same one).

Outside of this are there any other items I need to know? Do any other settings need to be messed with on the Active Directory side?

Did you select the checkbox in the options screen that says something like 'Use integrated login'?

In mode 2, each user has the option of using integrated login, or not.

Check that the Domain (in the @Domain) is the proper case. I have had situations where it's been case sensitive.

I have checked the box for integrated login and I also checked the case for the @domain portion.

Im still receving the standard "Server Principal Name (SPN) or the security context of the destination server could not be established.

PlanningDev wrote:Im still receving the standard "Server Principal Name (SPN) or the security context of the destination server could not be established.

Try using NTLM instead of Kerberos...

Hi
Didn't have to use Kerberos in a while but from memory I think it can happen that the way you have to set the domain in the UniqueID can differ between the two security packages.

For example using NTLM it would simply be johnsmith@company
but with Kerberos it would be johnsmith@us.ad.company (or in which ever way the domain was set up)

You might find that changing to NTLM will solve your problem easily but in case you are using TM1Web with the web server being a another machine than the TM1 Server you would have to use Kerberos.

If I recall correctly the TM1 Service needs to run on a domain account to be able to use Kerberos. Is your server running on a domain account or on a local account?

Michel