Is this normal?
I have a svc_Bosso account created in AD and it runs everything according to the SSO authentication guide used to setup the server. I can use that AD account to login the Web intelligence tools but not the CMC. The account is an admin, and everything else works fine. The error I get it is.
I have a Business_Users group in AD that includes the service account and that is in the list on the CMC Authentication/Windows AD mapped AD member groups.
If I got to users and groups svc_Bosso is in the user list. I I right click and select member OF I see administrators, Domain\Business_Users and everyone.
Any ideas why I can't login to the CMC?
How are you trying to log into CMC? Is it svc_Bosso@DOMAIN.COM or domain\svc_Bosso ?
The latter wont work for CMC or Infoview. The client tools will work though.
Also is the service account and other users coming from the same AD domain?
Does kinit <service account> successfully fetch a ticket?
Can a different user login from your machine?
The following SAP KBA can help:
I've seen this behaviour before when everything works fine except the service account. The first thing I would ask you is why do you need to log with a service account as long as all your users can log in normally?
It suppose that you might have a problem with the service account kerberos tickets in the server. Tomcat obtains a ticket for the service account when it starts. If you are using a keytab, try using the password instead in the Java parameters in Tomcat.