The data connection uses windows authentication and user credentials could not be delegated

Hi Guys

In my on-premises SharePoint 2013 farm I have configured another domain as a two-way non transitive trust. I'm using the SharePoint farm to host PowerPoivot workbooks with BISM connections to an analysis services (same domain where I hosted my SharePoint).

Observations : Users from my primary domain can refresh workbooks, but users in external domain cannot refresh. The error is "SPSecurityContext: Could not retrieve a valid windows identity for username 'DOMAINB\test' with UPN 'test@domainb.com'. UPN is required when Kerberos constrained delegation is used"

I did following checks

• Service users (claims to token service and excel services) is available in local "WSS_WPG" group
• Claims to windows token service is started
• No duplicate SPNs
• Kerberos event log message "KDC_ERR_C_PRINCIPAL_UNKNOWN"

Hope someone can shed light :)