Hi,

We are trying to configure SPNego on EP7 SP11 portal. Our ADS directory structure is as below

Root Domain (xxxxxx.net)

|__ AM Domain (am.xxxxxx.net) america subdomain

|__ EU Domain (eu.xxxxxx.net) eurpoe subdomain

|__ AP Domain (ap.xxxxxx.net) asia subdomain

We have created the service user in the AM domain (j2ee-<SID>) and registered it with the ADS service. We have successfully configured the datasource configuration and the "Test Connection" and "Test Authentication" both work successfully. The service user when searched from the Identity management for the "krb5principalname" is retrieved correctly.

When we run the SPNego wizard in the step for adding "Kerberos Realm" we enter the Realm adn the KDC. In the "Service User name" we enter the same user as j2ee-<SID>@xxxxxx.net. When we click on next the error message is popped with the message that the service user is not found.

Is there anything that needs to be done in the configuration of the service user ?

Can the service user be created in the am.xxxxxx.net subdomain or it should be on the root domain ?

Thanks!!