Hi Bill,
"setspn -l works for both test and prod" :
As I said in my precedent answer, I think you have to add these setspn commands :
setspn – a http/[BO_SERVER_NAME].[DOMAIN] [SSO_User]
setspn – a http/[BO_SERVER_NAME][SSO_User]
setspn – a http/[BO_SERVER_IP][SSO_User]
setspn – a http/tomcat7.[DOMAIN][SSO_User]
setspn – a http/tomcat7 [SSO_User]
For example :
setspn – a http/boserver.company.com ssobo
setspn – a http/boserver ssobo
setspn – a http/10.254.1.10 ssobo
setspn – a http/tomcat7.company.com ssobo
setspn – a http/tomcat7 ssobo
"on the test machine, I can log on to to the BO server as myself, but am unable to do so on Prod" :
Try to add the domain before your user name in the CCM : DOMAIN\peck
Is your user "peck" in the administrators group of your PROD server ?
Did you grant the local policy "Act as Part of the operating system" for your user "peck" ?
"then on CMC, I cannot enter the Mapped AD Member group"
Are your sure that you write :
AD Administration name : DOMAIN\GROUP in ALL CAPS (I see business.objects.app that seems to be your user ans not your group)
Regards,
PLMaurin