FME Flow: 2025.1

Single Sign-On Authentication Failure (Negotiation Error Encryption)

Log file message:

INFORM requesthandler 408053:(Single Sign-On) Negotiation reported an error: "Failure unspecified at GSS-API level (Mechanism level: Encryption type RC4 with HMAC is not supported/enabled)". WARN requesthandler 408058 : (Single Sign-On) Failed authentication because of an negotiation error. Refer to single sign-on documentation for resolution.

Cause

The domain controller allows RC4 encryption while FME Flow does not.

Resolution

Allow FME Flow to use less secure encryption:

  1. On the FME Flow machine navigate to <FMEFlowDir>\Utilities\jre\conf\security
  2. Create a new file called krb5.conf
  3. Edit the new file with the following text and save:

    4. [libdefaults]

    allow_weak_crypto = true

  4. Restart FME Flow.