Access from different domain

Posted: Thu Feb 08, 2018 1:52 pm
by Loki419
Hi Guys

I have a question I have seen addressed in part here and on the web, but I am obviously missing something (networking neophyte).

Background: I work for a company with Domain = ABCD. We sold off part of the company, but the sold segment still requires access while in transition. The sold segment is on Domain XYZ. Our IT have given them the ability to VPN in and they do have access to shared drives on ABCD. Although they can see the TM1 system in Perspectives, when attempting to log in they get the error message “Server principal name (SPN) or the security context of the destination server could not be established”.

I have confirmed they can successfully ping the actual IP where the TM1 server resides.

Located a technote suggesting use of ServerPrincipalName = domain name in TM1s.cfg.
When they log in via VPN they are still using the creds they had pre-spinoff, and the unique name in the client control cube is User@ABCD.

Syntax – I have seen this two ways 1) ServerPrincipalName =TM1_Server\Domain and 2) ServerPrincipalName =TM1_Server/Domain. Which is correct?
Do I use ServerPrincipalName in place of ServerName or should cfg contain both?

Additional information –
Large user base still in original company. Need ability for both pre- and post-spinoff users to access system.
The TM1 server on the ABCD domain is a VM.
I have tried IPAddress="", IPAddress= and IPAddress=T to no avail.

Any suggestions are very much appreciated.


Re: Access from different domain

Posted: Thu Feb 08, 2018 6:20 pm
by gtonkin
Hi Loki,
Have a look here - I remember going through a similar process trying to get integrated login with TM1 Web working - points 1 through 6 are probably relevant. I now use a field in the }ClientProperties to enter the Domain and then use a rule for the unique id - there should also be a post containing more detail - don't have much time right now to help further.