FME Version
Symptom
FME Flow (formerly FME Server) has been configured for Active Directory, specifying a valid preauth service account. Users with valid accounts and correct permissions cannot view the list of resources in FME Server Web UI > Manage > Resources. The Active Directory Troubleshooting Documentation has been reviewed, and the solution cannot be determined.
The following is noted in <FME Flow System Share>\resources\logs\core\current\fmesharedresource.log:
(Active Directory) Authenticating user "FMESERVICE@SAFE.COM" using SASL mechanism "GSSAPI" with KDC address "DNS.SAFE.COM" and realm "SAFE.COM"... (Active Directory) Successfully established a new connection to DNS.SAFE.COM. (Single Sign-On) Disabled single sign-on authentication. (Login Module) Authenticating token "23b385c617625eefb4f7ea8d91746aa572b889a9" clientAddress "". (Active Directory) Successfully established a new connection to DNS.SAFE.COM.Failed login by user 23b385c617625eefb4f7ea8d91746aa572b889a9 due to insufficient credentials.
Cause
This appears to be an issue with a parameter setting in the Active Directory User Properties.
Resolution
Try opening the Active Directory User Properties for the service account specified as the SECURITY_AD_PREAUTH_USERNAME (e.g. FMESERVICE) in \Server\ fmeCommonConfig.txt and ensure that "Do not require Kerberos preauthentication" is unchecked.
If this does not solve your issue, search our Community for similar topics or submit a support ticket.
Comments
0 comments
Please sign in to leave a comment.