Error "The SAM database on the Windows NT Server does not have a computer account for this workstation trust relationship" is seen in server.log while logging into the TIBCO SpotfireServer.
Article ID: KB0076679
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.5 and higher |
Description
Users might not be able to log in to TIBCO Spotfire with NTLM authentication set. The following error might be seen in the "server.log" file.
server.security.NtlmAuthenticator: NTLM authentication error jespa.security.SecurityProviderException: NETLOGON failure
..
Caused by: jcifs.smb.SmbException: The SAM database on the Windows NT Server does not have a computer account for this workstation trust relationship.
When NTLM authentication is enabled, Spotfire stops authenticating users all of a sudden and the above error is seen in the server log. This means that there is an issue with the jespa computer user account used. The user account is either deleted or disabled in the Active Directory.
server.security.NtlmAuthenticator: NTLM authentication error jespa.security.SecurityProviderException: NETLOGON failure
..
Caused by: jcifs.smb.SmbException: The SAM database on the Windows NT Server does not have a computer account for this workstation trust relationship.
When NTLM authentication is enabled, Spotfire stops authenticating users all of a sudden and the above error is seen in the server log. This means that there is an issue with the jespa computer user account used. The user account is either deleted or disabled in the Active Directory.
Issue/Introduction
This article explains why the error "The SAM database on the Windows NT Server does not have a computer account for this workstation trust relationship" is seen when NTLM authentication is used and how to resolve it.
Resolution
To resolve the issue, please follow these steps depending on whatever applies best to your scenario:
- If the jespa user account used in the NTLM configuration has been deleted (SetupWizard.txt file), then the account will need to be recreated
- If a "new jespa service account" with a different name and password needs to be used, then the NTLM configuration steps will need to be performed again as per the NTLM configuration documentation.
- If the account is disabled from the Active Directory, then the account will need to be recreated.
Additional Information
Doc: Creating a computer service account in your Windows domain
Feedback
Yes
No
Powered by
