Showing results for 
Search instead for 
Did you mean: 

SAP 4.0 Windows AD (SSO) not working - FWM 00006

Former Member
0 Kudos


There are lot of posts already on this topic. I completed windows AD setup with

I completed all steps. it is BI 4.0 with tomcat.

I can login to launchpad Or client tools using AD authentication. But not SSO.

As per Step 9 .(Per document)


Start Tomcat, go to E:\Program Files (x86)\SAP BusinessObjects\Tomcat6\logs\, check stdout.log has ‘credentials obtained’ shown.


But I am not getting 'credentials obtained' as part of log.

Any clue?

Error I am getting is

Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)

Please don't give references of notes because I already gone through those. none helped.

Appreciate your responses.



Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
0 Kudos


Issue is resolved. It was typo in file.

Active Contributor
0 Kudos

Try to make it run with force password option first do not use Keytab initially.

check the case of your service Account on AD side.

provide the exact case of service Account in file


restart Tomcat and test the issue.

if this does not work check for duplicate SPN as Josh mentioned.

Has this ever worked in the past?


0 Kudos

if you are not getting the 'credentials obtained' message it is because there is something wrong with the configuration of the service account or settings in the file.

this message comes from the fact that the service account running the SIA is unable to delegate credentials based on the idm.princ entry found in the configuration file, none of which is needed for manual logins to work.

please check for duplicate spns by running setspn -x, and double check the settings for sso:
1) settings

2) tomcat option for idm.wedgetail password

3) kerberos delegation set on the service account

If you include a bit of your setup you may get more of a response in diagnosing the error.