KNOWLEDGE BASE

Errors "Sign in Failed" or "Tableau Server could not authenticate you automatically." When Authenticating to Tableau Server via Kerberos


Published: 13 Feb 2015
Last Modified Date: 23 Nov 2017

Issue

When authenticating to Tableau Server via Kerberos, one of the following error messages might occur in Tableau Server:
Sign in Failed 
 
Or:

Tableau Server could not authenticate you automatically.
Sign in using your Tableau Server credentials.
 

Environment

  • Tableau Server
  • Kerberos Authentication

Resolution

Option 1

Verify that your web browser is configured for Kerberos SSO. For more information, see Browser Support for Kerberos SSO.

Option 2

Depending on your environment security requirements, specific encryption may be required. To include all encryption possible, add the parameter /crypto All to ktpass command in the script generated by Tableau Server. See details of the KTPASS command in this article: Ktpass on Microsoft Technet.

Option 3

Depending on your environment requirements, it may be required to create a keytab for multiple SPNs by replacing the ktpass command in the script generated by Tableau Server by the following:
ktpass /princ HTTP/tableauserver.domain.lan@DOMAIN.LAN /pass !adpass! /ptype KRB5_NT_PRINCIPAL /out kerberos1SPN.keytab
ktpass /princ HTTP/tableau.mycompany.com@DOMAIN.LAN /pass !adpass! /ptype KRB5_NT_PRINCIPAL /in kerberos1SPN.keytab /out kerberos2SPN.keytab

Once done, provide to Tableau Server the file generated kerberos2SPN.keytab.

For more information, see details of the KTPASS command in Ktpass on Microsoft Technet.

Cause

Apache is unable read the keytab file.

Additional Information

The following error might appear in the Apache gateway (httpd) error.log file:
 
gss_accept_sec_context() failed: Unspecified GSS failure.  Minor code may provide more information (, Wrong principal in request)
Did this article resolve the issue?