Setup IntegratedSecuritymode 3

kavitha2002
Community Contributor
Posts: 180
Joined: Sat May 05, 2018 11:48 am
OLAP Product: tm1
Version: 10.3.10100.8
Excel Version: 14

Setup IntegratedSecuritymode 3

Post by kavitha2002 »

Hello Everyone,

I would like to set up Securitymode=3 in TM1, but I have struggled with the SPN setup. It gives the error below:

FindDomainForAccount: Failed to call DsGetDcNameWithAccountW with the return value 0x0000054B.
Account 'PlanTest' was not found.

The syntax I used was:

>setspn -U -F -S tm1s/host.example.com example\PlanTest

where host.example.com is where the TM1 server is running and
PlanTest is the TM1 instance.

Any idea how to fix this?
ykud
MVP
Posts: 148
Joined: Sat Jan 10, 2009 10:52 am

Re: Setup IntegratedSecuritymode 3

Post by ykud »

SPN should be set up for the AD account running the TM1 services, not the tm1 service itself.
This:
example\PlanTest
should be
example\TM1ServiceUser

Cheers
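
A way to check which account the SPN belongs on, as an added example that is not part of the original thread: it reads the logon account of the TM1 Windows service and lists the SPNs already registered for that account. The service name passed in is a placeholder you supply; the SPN default is the one from the first post.

```powershell
# Added example, not from the thread. Run on the TM1 host from a domain-joined session.
param(
    # Windows service name of the TM1 instance as shown in Services.msc (you supply this)
    [Parameter(Mandatory)] [string]$ServiceName,
    # SPN to check; default is the value used in the first post
    [string]$Spn = 'tm1s/host.example.com'
)

# Look up the account the service logs on as (the "Log On As" column in Services.msc).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    throw "No Windows service named '$ServiceName' was found on this machine."
}

$account = $svc.StartName
Write-Host "Service '$ServiceName' logs on as: $account"

# LocalSystem, NetworkService and LocalService are built-in identities, not domain users,
# so there is no AD user account by that name to pass to 'setspn -U'.
if ($account -match '^(LocalSystem|NT AUTHORITY\\)') {
    Write-Warning "The service runs under a built-in identity. Change it to the domain service account before registering the SPN."
    return
}

# List the SPNs currently registered on the service account.
Write-Host "SPNs registered for ${account}:"
setspn -L $account

# Check whether the SPN is already registered on any account.
# An SPN that exists on a different account is a duplicate and should be resolved first.
Write-Host "Accounts currently holding ${Spn}:"
setspn -Q $Spn
```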

Re: Setup IntegratedSecuritymode 3

Post by kavitha2002 »

I would like to implement Security mode=3 with Kerberos security. I am running the TM1 server and Perspectives on the same machine.

1) Imported the LDAP data into TM1, using ETLDAP
2) tm1s.cfg
SecurityPackageName=Kerberos
IntegratedSecurityMode=3

So now Perspectives/Architect are working properly.

3) To make TM1 Web work, I am trying to set the SPN. In Services.msc I have changed the TM1 service, which is registered as LocalSystem, to domain\user.

Question 1) I used this command:
>setspn -L example\tm1instance
but it gives the error below:
FindDomainForAccount: Failed to call DsGetDcNameWithAccountW with the return value 0x00000525.
Account tm1instance was not found.
Question 2) >setspn -U -F -S tm1s/host.example.com example\PlanTest ... what is tm1s??
Question 3) Do I need to set anything in the Kerberos parameters in regedit?

Provide me with detailed info on this.
Paul Segal
Community Contributor
Posts: 306
Joined: Mon May 12, 2008 8:11 am
OLAP Product: TM1
Version: TM1 11 and up
Excel Version: Too many to count

Re: Setup IntegratedSecuritymode 3

Post by Paul Segal »

Paul

Re: Setup IntegratedSecuritymode 3

Post by kavitha2002 »

I gave the command below:

>setspn -U -F -S HTTP/host.domain.com domain\user
host.domain.com – Tm1 server FQDN

but it says..
Error 0x2098 / 8344 -> The access rights are not sufficient for this process.

I have admin rights.
I ran the command as administrator.

Do I need to run the command on the machine where Active Directory is installed?