Code: Select all
2014-12-08 15:30:40,244 [http-9510-1]
ERROR () com.ibm.cognos.tm1.datasource.javaapi.TM1Connection - Exception Error: null
Stack Trace: java.lang.NullPointerException
at com.applix.tm1.TM1Server.PerformSingleSignOn(TM1Server.java:2606)
at com.applix.tm1.TM1Server.connectIntegrated(TM1Server.java:2444)
at com.applix.tm1.TM1Bean.openConnection(TM1Bean.java:260)
at com.ibm.cognos.tm1.datasource.javaapi.TM1Connection.openConnection(TM1Connection.java:90)
at com.ibm.cognos.tm1.web.services.TM1AppService.loginSeverEx(TM1AppService.java:275)
at com.ibm.cognos.tm1.web.services.TM1AppService.createServerSession(TM1AppService.java:253)
at com.ibm.cognos.tm1.web.services.TM1AppService.loginServer(TM1AppService.java:109)
at com.ibm.cognos.tm1.web.services.TM1Service.loginServerIntegrated(TM1Service.java:140)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:94)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
With the help of the sysadmin for the domain, we have tweaked KRB5.CONF every which way and he confirms tickets being issued from the DC.
Does anyone have any ideas on how to:
1) resolve
2) get better debugging (log4j is set to DEBUG)
3) commands to run to confirm settings
4) confirm default_tkt_enctype - set to rc4-hmac des-cbc-crc but KDC seems to be configured for rc4-hmac-MD5
Some background:
All files are configured exactly like previously configured and working systems, Realms, KDC, Admin_Server etc. aside
SETSPN -U -F -S was run with the FQDN of the host machine and SETSPN -L confirms
Users can log in through perspectives with integrated login just fine
Configuration in ServicePrincipalName for <FQDN Host>@<Domain> tie back to what we are using in the KRB5 file
We have tried two different KDCs on the same domain
KRB5 file has been checked for upper case and lower case parameters and leading periods (dots) where specified - all seems aligned.
The TM1 Services are started using a named user on the domain - the only comment is that it has a format of user@domain
Windows OS is Server 2008 R2
Does anyone know too how the TM1S in the SETSPN is linked in this whole equation?
Thank you in anticipation.