IBM Support

Unable to log in to TM1: Server principal name (SPN) or the security context of the destination server could not be established.

Troubleshooting


Problem

Attempts to log on to TM1 result in an error.

Symptom

Server principal name (SPN) or the security context of the destination server could not be established.

Resolving The Problem

Suggestions for troubleshooting:
1. This error may occur if the client PC never had a full TM1 client install and is using loose files. If this is the case, remove the loose files and perform a proper installation of TM1.

2. Server and client are in different domains.

3. Either the client account or the server account is not a domain account. Check that client is allowed to connect to the server.

4. Occasionally a network connection is lost between the PC and the domain; rebooting should resolve this. Try rebooting the client first, and if needs be, the TM1 server.

5. Client can not make a TCP/IP connection to the server. Make sure the client machine can ping the server machine.

6. Sync the time between the domain controller and the server machine.

7. The wrong security package is used in the tm1s.cfg file. If you are using SecurityPackageName=NTLM try SecurityPackageName=Kerberos. If the web server and tm1server are on separate machines it almost always has to be Kerberos. You will have to recycle the TM1 service to make the change take effect.

[{"Product":{"code":"SS9RXT","label":"Cognos TM1"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"TM1","Platform":[{"code":"PF033","label":"Windows"}],"Version":"9.5.2;9.5.1;9.5;10.1.0;10.1.1","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
15 June 2018

UID

swg21458587