Server Principal Name (SPN) or the security context of the destination server could not be established error message is received when encryption type "RC4-HMAC-MD5" is disabled in Active Directory

Troubleshooting

Problem

Attempting to login to a Planning Analytics Server configured with integrated login results in error "Server Principal Name (SPN) or the security context of the destination server could not be established" when encryption type "RC4-HMAC-MD5" is disabled in Active Directory

Symptom

1)Attempts to login to the server configured with integrated login over clients such as Architect,Perspective results in error "Server Principal Name (SPN) or the security context of the destination server could not be established"

2)Enabling encryption type "RC4-HMAC-MD5" in Active Directory resolves the issue and logins work as expected.

Cause

If "RC4-HMAC-MD5" is disabled on the Active Directory Server, other encryption types must be allowed/enabled for the service account used by the Planning Analytics services.

Resolving The Problem

Enable the Kerberos AES 128 bit and Kerberos AES 256 bit encryption as per below screen-print for the service account under which Planning Analytics server is running

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCTEW","label":"IBM Planning Analytics Local"},"Component":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Tips

Server Principal Name (SPN) or the security context of the destination server could not be established error message is received when encryption type "RC4-HMAC-MD5" is disabled in Active Directory

Troubleshooting

Problem

Symptom

Cause

Resolving The Problem

Document Location

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?