Skip to Content
Former Member
Dec 16, 2013 at 11:48 AM

AD Plugin update fails with Kerberos, works with NTLM



I am trying to set up manual AD authentication on a clustered BI 4.1 SP1 system (two servers) running on Windows 2008 R2.

I have followed the instructions created by Steve Fredell, which I have used successfully on other installs previously.

When trying to update the AD Authentication page in the CMC, the error message: is "The Active Directory plugin failed to verify the provided SPN. Please ensure the SPN identifies a valid account" is given. However if I switch to NTLM authentication then the update works and the AD groups are successfully imported and I can see our test user account in the system.

I can logon to the CCM tool using this test user and Windows AD authentication but cannot access the Launchpad as the error "Account information not recognised: The Windows AD plug-in does not support Java in NTLM mode. Please use Kerberos (FWM 02100)" happens.

Running a kinit test on the server works fine and a ticket is stored in the cache file.

can anyone suggest why Kerberos will not work in the CMC?