TM1Web Integrated Login 10.2.2 FP1

Post Reply
User avatar
gtonkin
MVP
Posts: 1199
Joined: Thu May 06, 2010 3:03 pm
OLAP Product: TM1
Version: Latest and greatest
Excel Version: Office 365 64-bit
Location: JHB, South Africa
Contact:
Contact gtonkin

TM1Web Integrated Login 10.2.2 FP1

Post by gtonkin »

After successfully implementing on 2 clients' servers, the 3rd seems problematic. I am getting the following in the TM1Web log:

Code: Select all

2014-12-08 15:30:40,244 [http-9510-1] 
ERROR () com.ibm.cognos.tm1.datasource.javaapi.TM1Connection - Exception Error: null
Stack Trace: java.lang.NullPointerException
	at com.applix.tm1.TM1Server.PerformSingleSignOn(TM1Server.java:2606)
	at com.applix.tm1.TM1Server.connectIntegrated(TM1Server.java:2444)
	at com.applix.tm1.TM1Bean.openConnection(TM1Bean.java:260)
	at com.ibm.cognos.tm1.datasource.javaapi.TM1Connection.openConnection(TM1Connection.java:90)
	at com.ibm.cognos.tm1.web.services.TM1AppService.loginSeverEx(TM1AppService.java:275)
	at com.ibm.cognos.tm1.web.services.TM1AppService.createServerSession(TM1AppService.java:253)
	at com.ibm.cognos.tm1.web.services.TM1AppService.loginServer(TM1AppService.java:109)
	at com.ibm.cognos.tm1.web.services.TM1Service.loginServerIntegrated(TM1Service.java:140)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:94)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
Client side just says Login failed, please try again.

With the help of the sysadmin for the domain, we have tweaked KRB5.CONF every which way and he confirms tickets being issued from the DC.

Does anyone have any ideas on how to:
1) resolve
2) get better debugging (log4j is set to DEBUG)
3) commands to run to confirm settings
4) confirm default_tkt_enctype - set to rc4-hmac des-cbc-crc but KDC seems to be configured for rc4-hmac-MD5

Some background:
All files are configured exactly like previously configured and working systems, Realms, KDC, Admin_Server etc. aside
SETSPN -U -F -S was run with the FQDN of the host machine and SETSPN -L confirms
Users can log in through perspectives with integrated login just fine
Configuration in ServicePrincipalName for <FQDN Host>@<Domain> tie back to what we are using in the KRB5 file
We have tried two different KDCs on the same domain
KRB5 file has been checked for upper case and lower case parameters and leading periods (dots) where specified - all seems aligned.
The TM1 Services are started using a named user on the domain - the only comment is that it has a format of user@domain
Windows OS is Server 2008 R2

Does anyone know too how the TM1S in the SETSPN is linked in this whole equation?

Thank you in anticipation.
Top
Post Reply

Return to “IBM TM1, Planning Analytics, PAx and PAW”