Typically all that is needed is an update on the UNIQUEID to have the relevant domain included there. Sometimes however some users cannot connect and you need to try trace which domain TM1 is actually seeing them originate from.
Up until now this has been impossible, for me at any rate, until I found a logger option for SSPISecurity.
Add TM1.SSPISecurity (Windows - Security Support Provider Interface) as a logger in the TM1S-Log.properties e.g.:
Results should give you detail about the user's identity: Also worthwhile pointing out that if you are troubleshooting for TM1 Web, the STDOut log in tm1_64\logs may have some insights in terms of failure status codes e.g. KrbException, status code: 18 message: Clients credentials have been revoked.
Code: Select all
log4j.logger.TM1.SSPISecurity=DEBUG, LOGGER log4j.appender.LOGGER=org.apache.log4j.SharedMemoryAppender log4j.appender.LOGGER.MemorySize=5 MB log4j.appender.LOGGER.File=c:/temp/temp/tm1logger.txt log4j.appender.LOGGER.MaxFileSize=5 MB log4j.appender.LOGGER.MaxBackupIndex=5 log4j.appender.LOGGER.Timezone=Local