cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

The data connection uses windows authentication and user credentials could not be delegated

dinusha Kumarasiri
Copper Contributor

‎Feb 27 2017 03:10 AM - edited ‎Feb 27 2017 03:13 AM

‎Feb 27 2017 03:10 AM - edited ‎Feb 27 2017 03:13 AM

The data connection uses windows authentication and user credentials could not be delegated

Hi Guys

 

In my on-premises SharePoint 2013 farm I have configured another domain as a two-way non transitive trust. I'm using the SharePoint farm to host PowerPoivot workbooks with BISM connections to an analysis services (same domain where I hosted my SharePoint).

 

Observations : Users from my primary domain can refresh workbooks, but users in external domain cannot refresh. The error is "SPSecurityContext: Could not retrieve a valid windows identity for username 'DOMAINB\test' with UPN 'test@domainb.com'. UPN is required when Kerberos constrained delegation is used"

 

I did following checks

  • Service users (claims to token service and excel services) is available in local "WSS_WPG" group
  • Claims to windows token service is started
  • No duplicate SPNs
  • Kerberos event log message "KDC_ERR_C_PRINCIPAL_UNKNOWN"

 

Hope someone can shed light :)

Labels:
1,684 Views
0 Likes
0 Replies
Reply
0 Replies