Troubleshooting
Problem
A previously working TM1 Web environment is not working anymore: users are receiving "Authentication error -
Login failed" errors in Chrome (and Edge) when trying to connect to a TM1 Server by using Integrated Windows Authentication (SSO, Kerberos, SPNEGO).
Login failed" errors in Chrome (and Edge) when trying to connect to a TM1 Server by using Integrated Windows Authentication (SSO, Kerberos, SPNEGO).
Errors in tm1server.log:
TM1.Login Login attempt by client: ***
TM1.Login Login Error: SystemServerClientConnectFailed
Errors in tm1_messages.log on the TM1 Web side:
[5/9/22 9:43:48:361 CEST] 00000cfa SystemErr R com.ibm.security.krb5.KrbException, status code: 31
message: Integrity check on decrypted field failed
...
[5/9/22 9:43:48:361 CEST] 00000cfa SystemOut O Applix TM1->PerformSingleSignOn Exception org.ietf.jgss.GSSException, major code: 11, minor code: 0
major string: General failure, unspecified at GSSAPI level
minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.KrbException, status code: 31
message: Integrity check on decrypted field failed
Cause
Since Chrome version 100, the "AuthNegotiateDelegateWhitelist" policy is deprecated.
Resolving The Problem
Open Regedit.exe from the Windows start menu, go to either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER, go to \Software\Policies\Google\Chrome, and replace "AuthNegotiateDelegateWhitelist" by "AuthNegotiateDelegateAllowlist".
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB10","label":"Data and AI"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCTEW","label":"IBM Planning Analytics Local"},"ARM Category":[{"code":"a8m3p000000PC7XAAW","label":"Planning Analytics-\u003EWeb PASS Contributor Application"}],"ARM Case Number":"","Platform":[{"code":"PF033","label":"Windows"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
19 August 2022
UID
ibm16614195