Log file messages (Symptom 1):
(Single Sign-On) Negotiation reported an error: "Failure unspecified at GSS-API level (Mechanism level: Checksum failed)".
(Single Sign-On) Failed authentication because of an negotiation error. Refer to single sign-on documentation for resolution.
Log files messages (Symptom 2):
(Single Sign-On) Negotiation reported a defective token from client: "...".
(Single Sign-On) Failed authentication because of an negotiation error. Refer to single sign-on documentation for resolution.
Log files messages (Symptom 3):
(Single Sign-On) Negotiation reported an error: "...".
(Single Sign-On) Failed authentication because of an negotiation error. Refer to single sign-on documentation for resolution.
Cause 1
The service principal name (SPN) wasn't registered to the service account used by FME Server.
Resolution 1
Ensure that the service account used for SPN registration matches the one specified in SECURITY_AD_PREAUTH_USERNAME. For more information, see Updating the Windows Domain Configuration.
Cause 2
Single sign-on authentication was attempted and failed, and the user does not exist in the configured Windows domain.
Resolution 2
Ensure that the user account used to log into the client machine is a part of the Windows domain that FME Server is configured to use.
For example, if FME Server is configured to use Active Directory for 'Domain1', clients logged in using a 'Domain2' user account will not be able to authenticate with FME Server.