Home

The data connection uses windows authentication and user credentials could not be delegated

Highlighted
New Contributor

Hi Guys

 

In my on-premises SharePoint 2013 farm I have configured another domain as a two-way non transitive trust. I'm using the SharePoint farm to host PowerPoivot workbooks with BISM connections to an analysis services (same domain where I hosted my SharePoint).

 

Observations : Users from my primary domain can refresh workbooks, but users in external domain cannot refresh. The error is "SPSecurityContext: Could not retrieve a valid windows identity for username 'DOMAINB\test' with UPN 'test@domainb.com'. UPN is required when Kerberos constrained delegation is used"

 

I did following checks

  • Service users (claims to token service and excel services) is available in local "WSS_WPG" group
  • Claims to windows token service is started
  • No duplicate SPNs
  • Kerberos event log message "KDC_ERR_C_PRINCIPAL_UNKNOWN"

 

Hope someone can shed light :)