Single Sign-On Authentication Failure (Cross-Domain User)

Log file messages:

(Single Sign-On) Negotiation complete; authentication granted for user "...".

(Single Sign-On) Failed authentication because user "..." could not be found in Active Directory.

Cause 1

Single Sign-On authentication was attempted and succeeded, but the user does not exist in the configured Windows domain.

Resolution 1

Ensure that the user account used to log into the client machine is a part of the Windows domain that FME Flow is configured to use.

For example, if FME Flow is configured to use Active Directory for 'Domain1', clients logged in using a 'Domain2' user account will not be able to authenticate with FME Flow.

Cause 2

Single Sign-On authentication was attempted and succeeded, but FME Flow did not have the right privileges to find the user. This may be caused by the service account setting 'Do not require Kerberos preauthentication'.

Resolution 2

Kerberos pre-authentication must be enabled for the service account. See Updating the Windows Domain Configuration for information on how to configure the service account.
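
The following PowerShell script is an added example, not part of the FME Flow documentation. It checks for both causes above from a domain-joined machine with the ActiveDirectory (RSAT) module installed. The domain name, service account name and user name are placeholders to replace with your own values, and $Fix is a hypothetical switch introduced for this example.

```powershell
# Added example: diagnose Cause 1 and Cause 2 described on this page.
# Requires the ActiveDirectory module (RSAT). All three values are placeholders.
Import-Module ActiveDirectory

$ConfiguredDomain = 'domain1.example.com'  # placeholder: domain FME Flow is configured to use
$ServiceAccount   = 'svc-fmeflow'          # placeholder: service account used by FME Flow
$ClientUser       = 'jsmith'               # placeholder: sAMAccountName of the user who failed to sign in
$Fix              = $false                 # set to $true to re-enable pre-authentication

# Cause 1: the client user must exist in the configured domain.
# -Filter returns nothing (rather than throwing) when no account matches.
$user = Get-ADUser -Filter "sAMAccountName -eq '$ClientUser'" -Server $ConfiguredDomain
if ($null -eq $user) {
    Write-Warning "Cause 1: '$ClientUser' was not found in $ConfiguredDomain."
} else {
    Write-Output "User found in configured domain: $($user.DistinguishedName)"
}

# Cause 2: the service account must require Kerberos pre-authentication.
$svc = Get-ADUser -Identity $ServiceAccount -Server $ConfiguredDomain `
    -Properties DoesNotRequirePreAuth, userAccountControl

# DONT_REQ_PREAUTH bit in userAccountControl; checked alongside the
# DoesNotRequirePreAuth property so the raw attribute is confirmed too.
$DontReqPreauth = 0x400000
$flagSet = ($svc.userAccountControl -band $DontReqPreauth) -ne 0

if ($svc.DoesNotRequirePreAuth -or $flagSet) {
    Write-Warning "Cause 2: 'Do not require Kerberos preauthentication' is set on '$ServiceAccount'."
    if ($Fix) {
        # Clears the flag, which enables pre-authentication for the account.
        Set-ADAccountControl -Identity $svc -DoesNotRequirePreAuth $false -Server $ConfiguredDomain
        Write-Output "Pre-authentication re-enabled for '$ServiceAccount'."
    }
} else {
    Write-Output "Pre-authentication is required for '$ServiceAccount' (expected)."
}
```

On the client machine itself, $env:USERDNSDOMAIN shows the domain of the logged-on account, which can be compared with the configured domain when checking Cause 1.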