Hello Forum, I am trying to set up IWA for the desktop clients(windows). Now my metadata /midtier and compute are on RHEL 7 servers. Meta and Midtier are on one machine, with compute on another server. SAS 9.4M5 is installed btw. Now I have completed the prerequisites for setting up IWA which are Unix host joining the AD Creating the service account , UPN,SPN Generating the keytab file. Adding the KRB5_KTNAME env variable and restart the services. After completing all the above, I tried testing if the IWA is working. Checked the Integrated windows authentication checkbox. In the advanced setting security package is "Negiciate:, SPN is the custom SPN that we have and Security Package list is "Kerberos,NTLN". I have the same thing mentinoed above for the workspace server properties too. Now I am able to connect to the SAS Enterprise guide with the profile , however my workspace server validation is failing with below error. [9/14/18 11:35 AM] INFO: Starting extended validation for Workspace server (level 1) - Making a connection [9/14/18 11:35 AM] SEVERE: Access denied. [9/14/18 11:35 AM] SEVERE: The launch of server SASApp - Workspace Server for user failed. [9/14/18 11:35 AM] SEVERE: The application could not log on to the server "sastest.local:8591". Integrated Windows authentication failed. This is what I see in the objectspawner logs. 2018-09-14T11:35:10,227 WARN [00024804] : user- The destination buffer size was not sufficient for the requested password. 2018-09-14T11:35:10,228 ERROR [00024804] :user - Access denied. 2018-09-14T11:35:10,228 ERROR [00024804] :user - The launch of server SASApp - Workspace Server for user failed. Note - I have removed user and server names. Now regarding the SPN, I have a question. How do I create a default SPN? My IT guy has created xyz as service account and created XYZ/sasmeta.local , XYZ/sastest.local , XYZ/sasmeta and XYZ/sastest as SPNs (both FQDN and shortnames). However I need to give SPN as "XYZ/sasmeta.local in order to connect to SASEG. It is not connecting if I leave the SPN blank when I connect to SASEG. So 2 questions Why I am getting that error when I am trying to validate the workspace server? Default SPN -- How to create? Thank you!!!
... View more