Product: TIBCO Spotfire®
Setting up NTLM authentication on Spotfire Server results in "The Trust relationship between this workstation and the primary domain failed"
Spotfire Administrators may receive the following error when trying to login to Spotfire Server machine after resetting the password using 'SetComputerPassword.vbs' script:
"The Trust relationship between this workstation and the primary domain failed."
Rejoining the Spotfire Server machine to the corresponding domain will address this behavior (i.e., Administrators can login to the Spotfire Server machine using an AD account) but this breaks NTLM authentication and results in the following error:
“Login failure: unknown user name or bad password”
If running the SetComputerPassword.vbs again we get past the Login Failure error in the Spotfire logs but end up with the trust relationship error again when trying to login to the server with an AD account. This issue happens if the "Computer Account" is manually created without using the script (SetupWizard.vbs) provided with the Spotfire Server. If the computer account is created manually and then joined to the domain, it will assign a random password to the machine account breaking the NTLM authentication. If the password is reset for this account using the "SetComputerPassword.vbs" script, it will cause a conflict and will kick the machine account out of the domain resulting in the "Trust Relationship" errors.
The "Computer Account" used for NTLM authentication in Spotfire is not a physical machine account and should not be confused for one. To set up the required "Computer Account", use either of the following methods:
- Use the "SetupWizard.vbs" script to create a computer account and assign the required password OR
- Create a computer account manually in the domain and then use the "SetComputerPassword.vbs" script to set the account password.