Troubleshooting integrated login issues with users originating from multiple domains

Ideas and tips for enhancing your TM1 application
Post Reply
User avatar
gtonkin
MVP
Posts: 979
Joined: Thu May 06, 2010 3:03 pm
OLAP Product: TM1
Version: PAL 2.0.9.4; PAoC 2.0.9.3
Excel Version: Office 365 64-bit
Location: JHB, South Africa
Contact:

Troubleshooting integrated login issues with users originating from multiple domains

Post by gtonkin » Sat Oct 30, 2021 6:57 am

At some clients users connect from multiple domains.
Typically all that is needed is an update on the UNIQUEID to have the relevant domain included there. Sometimes however some users cannot connect and you need to try trace which domain TM1 is actually seeing them originate from.

Up until now this has been impossible, for me at any rate, until I found a logger option for SSPISecurity.
Add TM1.SSPISecurity (Windows - Security Support Provider Interface) as a logger in the TM1S-Log.properties e.g.:

Code: Select all

log4j.logger.TM1.SSPISecurity=DEBUG, LOGGER
log4j.appender.LOGGER=org.apache.log4j.SharedMemoryAppender
log4j.appender.LOGGER.MemorySize=5 MB
log4j.appender.LOGGER.File=c:/temp/temp/tm1logger.txt
log4j.appender.LOGGER.MaxFileSize=5 MB
log4j.appender.LOGGER.MaxBackupIndex=5
log4j.appender.LOGGER.Timezone=Local
Results should give you detail about the user's identity:
SSPI Log.png
SSPI Log.png (89.53 KiB) Viewed 5241 times
Also worthwhile pointing out that if you are troubleshooting for TM1 Web, the STDOut log in tm1_64\logs may have some insights in terms of failure status codes e.g. KrbException, status code: 18 message: Clients credentials have been revoked.

Post Reply