BO server : Windows 2008 R2 SP1 (domain member server) server name : CR2008R2
AD server : Windows 2003 R2 SP2
Previous 2008V0 deployment : AD authentication was okay!
New 2011 server deployment : CMC AD Login with the following errors :
Account Information Not Recognized: The Active Directory Authentication plugin could not authenticate at this time. Please try again. If the problem persists, please contact your technical support department. (FWM 00005)
kinit test is okay.
krb5.ini :
[libdefaults]
default_realm = DANIELCO.COM.HK
dns_lookup_kdc = true
dns_lookup_realm = true
udp_preference_limit = 1
default_tgs_enctypes = des-cbc-crc
default_tkt_enctypes = des-cbc-crc
[domain_realm]
[realms]
DANIELCO.COM.HK = {
admin_server = DCSRV1.DANIELCO.COM.HK
default_domain = DANIELCO.COM.HK
kdc = DCSRV1.DANIELCO.COM.HK
}
setspn -L spn2011
Registered ServicePrincipalNames for CN=spn2011,CN=Users,DC=danielco,DC=com,DC=hk:
BOBJCentralMS/CR2008R2.DANIELCO.COM.HK
HOST/spn2011
tried to run ktpass cmd to create and place a Kerberos keytab file but retruned
unable to set spn mapping data
hence, could not login CMC thru AD
In BI 4 Launchpad, no AD login could be selected!
CMC could see and add AD groups.
Please help! Thank you very much!