Setup IntegratedSecuritymode 3

kavitha2002
Posts: 105
Joined: Sat May 05, 2018 11:48 am
OLAP Product: tm1
Version: 10.3.10100.8
Excel Version: 14


Post by kavitha2002 » Thu Nov 22, 2018 10:28 am

Hello Everyone,

I would like to set up SecurityMode=3 in TM1, but I struggled with the SPN setup. It gives the error below:

FindDomainForAccount: Failed to call DsGetDcNameWithAccountW with the return value 0x0000054B.
Account 'PlanTest' was not found.

The syntax I used was:

>setspn -U -F -S tm1s/host.example.com example\PlanTest

where host.example.com is where the TM1 server is running and
PlanTest is the TM1 instance.

Any idea how to fix this?

ykud
Posts: 36
Joined: Sat Jan 10, 2009 10:52 am

Re: Setup IntegratedSecuritymode 3

Post by ykud » Sun Nov 25, 2018 10:08 pm

SPN should be set up for the AD account running the TM1 services, not the tm1 service itself.
This:
example\PlanTest
should be
example\TM1ServiceUser

Cheers
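
The check implied by the reply above, written out as an added example (not part of the thread and not IBM's tooling): read which account the Windows service logs on as, then see which AD account actually holds the SPN. The service name is a placeholder and the SPN is the `HTTP/host.example.com` form that appears later in the thread; it assumes a domain-joined machine and an account that can read the directory.

```powershell
# Added example: service name and SPN are placeholders, not values confirmed by the thread.
param(
    [string]$ServiceName = '<tm1-windows-service-name>',  # placeholder: name shown in services.msc
    [string]$Spn         = 'HTTP/host.example.com'        # SPN form used later in the thread
)

# 1. Which account does the Windows service log on as?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found on this machine." }
$logon = $svc.StartName

# Built-in and local accounts are not AD user accounts, so there is nothing to compare.
if ($logon -match '^(LocalSystem$|NT AUTHORITY\\|\.\\)') {
    Write-Warning "Service logs on as '$logon', which is not a domain user account."
    return
}

# Reduce DOMAIN\user or user@domain to the bare account name.
$sam = if ($logon -like '*\*') { ($logon -split '\\', 2)[1] } else { ($logon -split '@', 2)[0] }

# 2. Which AD object(s) in the current domain hold this SPN?
$searcher = [adsisearcher]"(servicePrincipalName=$Spn)"
$owners = @($searcher.FindAll() | ForEach-Object { [string]$_.Properties['samaccountname'][0] })

# 3. Compare the SPN holder with the service logon account.
switch ($owners.Count) {
    0 {
        "NOT REGISTERED: no account in this domain holds $Spn."
        "Form used in the thread: setspn -U -F -S $Spn $logon"
    }
    1 {
        if ($owners[0] -eq $sam) {
            "OK: $Spn is registered on '$sam', the account running '$ServiceName'."
        } else {
            "MISMATCH: $Spn is registered on '$($owners[0])' but the service runs as '$sam'."
        }
    }
    default {
        "DUPLICATE: $Spn is registered on several accounts: $($owners -join ', ')."
    }
}
```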

kavitha2002

Re: Setup IntegratedSecuritymode 3

Post by kavitha2002 » Mon Nov 26, 2018 7:41 am

I would like to implement SecurityMode=3 with Kerberos security. I am running the TM1 server and Perspectives on the same machine.

1) Imported the LDAP data into TM1, using ETLDAP
2) tm1s.cfg
SecurityPackageName=Kerberos
IntegratedSecurityMode=3

So now Perspectives/Architect are working properly.

3) To make TM1 Web work, I am trying to set the SPN. In Services.msc I have changed the TM1 service, which is registered as LocalSystem, to domain\user.

Question 1) I used this cmd:
>setspn -L example\tm1instance
but it gives the below error:
FindDomainForAccount: Failed to call DsGetDcNameWithAccountW with the return value 0x00000525.
Account tm1instance was not found.
Question 2) >setspn -U -F -S tm1s/host.example.com example\PlanTest ... what is tm1s?
Question 3) Do I need to set anything in the Kerberos parameters in regedit?

Provide me with detailed info on this.

Paul Segal
Community Contributor
Posts: 251
Joined: Mon May 12, 2008 8:11 am
OLAP Product: TM1
Version: 10.2.2
Excel Version: 2010

Re: Setup IntegratedSecuritymode 3

Post by Paul Segal » Mon Nov 26, 2018 9:28 am

Paul

kavitha2002

Re: Setup IntegratedSecuritymode 3

Post by kavitha2002 » Mon Nov 26, 2018 1:39 pm

I gave the below cmd:

>setspn -U -F -S HTTP/host.domain.com domain\user
host.domain.com – TM1 server FQDN

but it says..
Error 0x2098 / 8344 -> The access rights are not sufficient for this process.

I have admin rights.
Run the cmd as administrator.

Do I need to run the cmd on the machine where Active Directory is installed?
