Skip to Content
0
Former Member
Jul 30, 2009 at 01:24 PM

BOXI R1, Tomcat, IIS, SSO issue

75 Views

I've just finished migrating reports from my old BOXI server which used Enterprise logon only.

I've setup end to end SSO (using service account and not machine account for IIS) with the help of the documentation, but I'm not getting the desired results (i.e. it isn't working).

I used SETSPN to the DNS name I have created for the host and not its actual machine name. Looking at the AD account for the service account I can see HTTP being a

On the Crystal web server can see in the IIS logs that my logon is requesting the web pages, but I only get left with the normal logon prompt page.

Logging onto the web interface from the Crystal web server:

- If I then logon with my AD account, where the address specifies the machine name, then I can logon fine.

- If I then logon with my AD account, where the address specifies the DNS host name, then I get the error "An error has occurred propagating the security context between the security server and the client."

- If I then logon with my AD account, where the address specifies the DNS FQDN name, then I get the error "An error has occurred propagating the security context between the security server and the client."

Logging onto the web interface from my desktop:

- If I then logon with my AD account, where the address specifies the machine name, then I get the error "An error has occurred propagating the security context between the security server and the client."

- If I then logon with my AD account, where the address specifies the DNS host name, then I get the error "An error has occurred propagating the security context between the security server and the client."

- If I then logon with my AD account, where the address specifies the DNS FQDN name, then I get the error "An error has occurred propagating the security context between the security server and the client."

setspn -L WLONW18

Registered ServicePrincipalNames for CN=WLONW18,OU=Web,OU=Servers,DC=UK,DC=fcl,DC=internal:

BOBJWebiServer/crystalreports

BOBJCrystalReportApplicationServer/crystalreports.uk.fcl.internal

BOBJCrystalReportApplicationServer/crystalreports

BOBJWebiServer/crystalreports.uk.fcl.internal

BOBJCrystalReportspageserver/crystalreports.uk.fcl.internal

BOBJCentralMS/crystalreports

BOBJCentralMS/crystalreports.uk.fcl.internal

HTTP/crystalreports

HTTP/crystalreports.uk.fcl.internal

HOST/wlonw18.uk.fcl.internal

HOST/WLONW18

Geoff