
Setup IntegratedSecuritymode 3

Posted: Thu Nov 22, 2018 10:28 am
by kavitha2002
Hello Everyone,

I would like to set up Securitymode=3 in TM1, but I struggled with the SPN setup. It gives the error below:

FindDomainForAccount: Failed to call DsGetDcNameWithAccountW with the return value 0x0000054B.
Account 'PlanTest' was not found.

The syntax I used was:

>setspn -U -F -S tm1s/host.example.com example\PlanTest

where host.example.com is where the TM1 server is running
and PlanTest is the TM1 instance.

Any idea how to fix this?

Re: Setup IntegratedSecuritymode 3

Posted: Sun Nov 25, 2018 10:08 pm
by ykud
SPN should be set up for the AD account running the TM1 services, not the tm1 service itself.
This:
example\PlanTest
should be
example\TM1ServiceUser

Cheers
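
The check described in the reply above, as an added example that is not part of the original thread: it reads the logon account of the Windows service, lists the SPNs already on that account, looks for a duplicate, and prints the registration command for that account. The service name is a hypothetical placeholder; the SPN string is the one quoted in the thread.

```powershell
# Added example (not from the thread). Run on a domain-joined machine.
param(
    # Hypothetical placeholder: the service name shown in the service's properties in services.msc
    [string]$ServiceName = 'TM1_SERVICE_NAME_PLACEHOLDER',
    # SPN string as quoted in the thread
    [string]$Spn = 'tm1s/host.example.com'
)

# 1. Find the account the Windows service logs on as.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' was not found on this machine." }
$account = $svc.StartName
Write-Host "Service '$ServiceName' logs on as: $account"

# 2. Built-in identities and local accounts are not AD user accounts,
#    so there is no domain user to attach the SPN to with -U.
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
if ($builtin -contains $account) {
    Write-Warning "'$account' is a built-in identity, not a domain user account."
    return
}
if ($account.StartsWith('.\')) {
    Write-Warning "'$account' is a local account, not a domain account."
    return
}

# 3. List the SPNs already registered on that account.
#    A 'not found' error here means the name is not an AD account
#    (for example, an instance name was passed instead of the logon account).
& setspn.exe -L $account
if ($LASTEXITCODE -ne 0) {
    Write-Warning "setspn could not resolve '$account' in the directory."
    return
}

# 4. Look for the SPN across the forest before adding it;
#    the same SPN on two accounts breaks Kerberos ticket requests for it.
& setspn.exe -F -Q $Spn

# 5. Print, rather than run, the registration command for the service account.
Write-Host "To register: setspn -U -F -S $Spn $account"
```
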

Re: Setup IntegratedSecuritymode 3

Posted: Mon Nov 26, 2018 7:41 am
by kavitha2002
I would like to implement Security mode=3 with Kerberos security. I am running the TM1 server and Perspectives on the same machine.

1) Imported the LDAP data into TM1, using ETLDAP
2) tm1s.cfg
SecurityPackageName=Kerberos
IntegratedSecurityMode=3

So now Perspectives/Architect are working properly.

3) To make TM1 Web work, I am trying to set the SPN. In Services.msc I have changed the TM1 service, which is registered as LocalSystem, to domain\user.

Question 1) I used this command:
>setspn -L example\tm1instance
but it gives the error below:
FindDomainForAccount: Failed to call DsGetDcNameWithAccountW with the return value 0x00000525.
Account tm1instance was not found.
Question 2) >setspn -U -F -S tm1s/host.example.com example\PlanTest ... what is tm1s?
Question 3) Do I need to set anything in the Kerberos parameters in regedit?

Please provide detailed info on this.

Re: Setup IntegratedSecuritymode 3

Posted: Mon Nov 26, 2018 9:28 am
by Paul Segal

Re: Setup IntegratedSecuritymode 3

Posted: Mon Nov 26, 2018 1:39 pm
by kavitha2002
I gave the command below:

>setspn -U -F -S HTTP/host.domain.com domain\user
host.domain.com – TM1 server FQDN

but it says:
Error 0x2098 / 8344 -> The access rights are not sufficient for this process.

I have admin rights.
I ran the command as administrator.

Do I need to run the command on the machine where Active Directory is installed?