Symptom
FME Server has been configured for Active Directory specifying a valid preauth service account, and Users with valid accounts and correct permissions are unable to view the list of resources in FME Server Web UI > Manage > Resources. The Active Directory Troubleshooting Documentation has been reviewed and the solution cannot be determined
The following is noted in <FME Server System Share>\resources\logs\core\current\fmesharedresource.log:
(Active Directory) Authenticating user "FMESERVICE@SAFE.COM" using SASL mechanism "GSSAPI" with KDC address "DNS.SAFE.COM" and realm "SAFE.COM"... (Active Directory) Successfully established a new connection to DNS.SAFE.COM. (Single Sign-On) Disabled single sign-on authentication. (Login Module) Authenticating token "23b385c617625eefb4f7ea8d91746aa572b889a9" clientAddress "". (Active Directory) Successfully established a new connection to DNS.SAFE.COM.Failed login by user 23b385c617625eefb4f7ea8d91746aa572b889a9 due to insufficient credentials.
Cause
This appears to be an issue with a parameter setting in the Active Directory User Properties.
Resolution
Try opening the Active Directory User Properties for the service account specified as the SECURITY_AD_PREAUTH_USERNAME (e.g. FMESERVICE) in \Server\ fmeCommonConfig.txt and ensure that "Do not require Kerberos preauthentication" is unchecked.
Please let us know in the comments if this resolves the issue for your FME Server installation.
Comments
0 comments
Please sign in to leave a comment.