I am trying to set up manual AD authentication on a clustered BI 4.1 SP1 system (two servers) running on Windows 2008 R2.
I have followed the instructions created by Steve Fredell, which I have used successfully on other installs previously.
When trying to update the AD Authentication page in the CMC, the error message: is "The Active Directory plugin failed to verify the provided SPN. Please ensure the SPN identifies a valid account" is given. However if I switch to NTLM authentication then the update works and the AD groups are successfully imported and I can see our test user account in the system.
I can logon to the CCM tool using this test user and Windows AD authentication but cannot access the Launchpad as the error "Account information not recognised: The Windows AD plug-in does not support Java in NTLM mode. Please use Kerberos (FWM 02100)" happens.
Running a kinit test on the server works fine and a ticket is stored in the cache file.
can anyone suggest why Kerberos will not work in the CMC?