Product: TIBCO Spotfire®
Unable to set SPNs on account with ERROR: Insufficient access rights to perform the operation.
When you set Kerberos Authentication on TIBCO Spotfire server, you need to set SPNs for TIBCO Spotfire server Kerberos service account.
Once you get to the step "SETSPN" command-line tool for the TIBCO Spotfire server Kerberos service account , run a below command line script:
setspn -A http/servername domain\service account
and you may run into error below:
Failed to assign SPN on account 'CN=domain\service account ,OU=ABC, OU=XYZ Service account, OU Admins, DC=Domain,DC=com', error 0x2098/8344 -> Insufficient access rights to perform the operation.
------- It seems that the user who is running "SETSPN" command does not have sufficient permissions to create SPN on the domain controller.
To run this command, you either need to login to the machine as a domain admin or a user who is a member of the built-in Account Operators domain group.
Refer to the below TIBCO Spotfire server manual link to for more information:
Below is from the manual
"Log in to the computer as a domain administrator or a user who is a member of the built-in Account Operators domain group." to perform this operation.