Troubleshooting
Problem
Attempting to login to a Planning Analytics Server configured with integrated login results in error "Server Principal Name (SPN) or the security context of the destination server could not be established" when encryption type "RC4-HMAC-MD5" is disabled in Active Directory
Symptom
1)Attempts to login to the server configured with integrated login over clients such as Architect,Perspective results in error "Server Principal Name (SPN) or the security context of the destination server could not be established"
2)Enabling encryption type "RC4-HMAC-MD5" in Active Directory resolves the issue and logins work as expected.
Cause
If "RC4-HMAC-MD5" is disabled on the Active Directory Server, other encryption types must be allowed/enabled for the service account used by the Planning Analytics services.
Resolving The Problem
Enable the Kerberos AES 128 bit and Kerberos AES 256 bit encryption as per below screen-print for the service account under which Planning Analytics server is running
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCTEW","label":"IBM Planning Analytics Local"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
Was this topic helpful?
Document Information
Modified date:
21 September 2021
UID
ibm16117520