Single Sign-On Authentication Failure (Negotiation Error)

Log file messages (Symptom 1):

(Single Sign-On) Negotiation reported an error: "Failure unspecified at GSS-API level (Mechanism level: Checksum failed)".

(Single Sign-On) Failed authentication because of an negotiation error. Refer to single sign-on documentation for resolution.

Log files messages (Symptom 2):

(Single Sign-On) Negotiation reported a defective token from client: "...".

(Single Sign-On) Failed authentication because of an negotiation error. Refer to single sign-on documentation for resolution.

Log files messages (Symptom 3):

(Single Sign-On) Negotiation reported an error: "...".

(Single Sign-On) Failed authentication because of an negotiation error. Refer to single sign-on documentation for resolution.

Cause 1

The service principal name (SPN) wasn't registered to the service account used by FME Server.

Resolution 1

Ensure that the service account used for SPN registration matches the one specified in the Service Account Name field of the Active Directory connection. For more information, see Updating the Windows Domain Configuration.

Cause 2

Single sign-on authentication was attempted and failed, and the user does not exist in the configured Windows domain.

Resolution 2

Ensure that the user account used to log into the client machine is a part of the Windows domain that FME Flow is configured to use.

For example, if FME Flow is configured to use Active Directory for 'Domain1', clients logged in using a 'Domain2' user account will not be able to authenticate with FME Flow.