5 Replies Latest reply on May 9, 2018 8:54 AM by Floris Zwaard

    PI integrator for business analytics 2015 user guide - kerberos constrained delegation

    Floris Zwaard

      I have 3 questions about this part of the user guide which did not change between the 1.0 version and the latest 2015 version from 20151215.

      - The screenshot on page 44 and 48 show different settings for either; 'Use Kerberos only' or 'Use any authentication protocol'. Is this correct or which is correct?

      - In step 13 on page 45 under Task 2 it states that you have to add the PI Integrator service account. I find this very strange because you are setting the delegation for this service account and are adding the account itself!?

      I don't think you have to add this account, do you?

       

      - On page 48 the delegation for the AF server is added for the server node, while in the previous sections(page 42) the SPN(service principal name) is made for the domain account under which the AF server is running.

      I guess the delegation for the AF server must be set on the service account under which the AF server is running. You can check this if there is no AFserver Service Type to find when you select the AF server node.  While when you select the service account under which the AF server is running you will find a service type 'AFservice'(or AFserver if you followed the user guide on page 42). Is this correct?