LogoDark mode logo
LogoDark mode logo
Contact SupportLoading Light/Dark Toggle

    • Troubleshooting licensing and activation
    • Troubleshooting users being unable to logon
    • How to check which license key is being used
    • "No license available. There are either insufficient named user licenses available, or you have been blocked from logging on to this server"
    • "License already activated" or "Maximum activations reached"
    • I've received a license expiry notification
    • An error occurred: The key provided is invalid. Activation keys must consist of at least 5 groups of letters and digits
    • This key has expired
    • "Your current license does not include the use of the EA Designer"
    • The activation key you have entered is incompatible with this version of SquaredUp DS
    • SquaredUp cannot start due to an error
    • HTTP Error 500 - The file {filename} has not been pre-compiled, and cannot be requested
    • Unable to log in post SquaredUp DSv4.4: "SCOM connectivity error: unknown or non-specific error"
    • Duplicate SPN found - Troubleshooting Duplicate SPNs
    • "Login failed for user" when configuring the Data Warehouse
    • Troubleshooting Kerberos
    • Authentication with the System Center Operations Manager server was unsuccessful
    • Users unable to logon when Kerberos constrained delegation configured
    • Users are unexpectedly logged out of SquaredUp DS
    • There are no licenses available, or the license for this user is in use elsewhere
  • Collecting diagnostic information
  • Operations Manager 2012 Data Warehouse Health Check Script
  • Where to find log files

troubleshootinguser access licensingusers unable to logon when kerberos constrained delegation configured

Users unable to logon when Kerberos constrained delegation configured

If users are being presented with the SquaredUp DS logon screen see Troubleshooting users being unable to logon.

Symptoms

When users attempt to log on to SquaredUp DS they receive a browser-based login prompt.

The following error is logged in the SquaredUp DS log file (see Where to find log files):

[ERR] SCOM connectivity error: unauthorized System.UnauthorizedAccessException: The user does not have sufficient permission to perform the operation.

Cause

SquaredUp DS accesses SCOM using the end user's credentials. When Windows authentication is being used and SquaredUp DS is deployed on a dedicated server (not a SCOM server), the end user first authenticates with the SquaredUp server, and then the SquaredUp server impersonates the end user and authenticates with the SCOM Management Server. This requirement to authenticate a second time is known as a 'double-hop' and requires Kerberos delegation to be configured correctly.

Kerberos delegation involves complex configuration. It requires Kerberos authentication to be correctly functioning between client, web server and management server, and for configuration such as Service Principal Names (SPNs) to be configured correctly.

You may find that users logging on to SquaredUp DS on a client, who have also logged on to the browser on the SquaredUp server itself, will authenticate successfully. This is because their session can still be live on the SquaredUp server, which means it is in effect now only a one hop authentication between the client and SCOM. This can cause confusion when diagnosing the issue.

Resolution

Please follow the guide here User authentication methods for SquaredUp DS for SCOM.

And run through the Troubleshooting Kerberos article.

Was this article helpful?


Have more questions or facing an issue?
Submit a ticket

Footer

Sites

  • SQUAREDUP
  • SQUAREDUP DS
  • DOWNLOAD
  • COMMUNITY ANSWERS

Quick Links

  • SUBMIT A REQUEST
  • EVENTS
  • CAREERS

Small Print

  • PRIVACY POLICY
  • TERMS AND CONDITIONS
Youtubex (Twitter)LinkedIn

© SquaredUp 2025