When installing and running the CCS thick console remotely, there are some necessary requirements that need to be implemented before a remote console will work correctly.
The following requirements need to be checked and implemented for the Remote Console to work correctly.
Release : CCS 12.x
Component : CCS Remote Console
Please see the corresponding information below to resolve your issue.
In the example below the CCS Service account is 'ebsvc' (your CCS Service Account will have its own unique user name)
The official documentation can be found in our CCS Online Documenation: Configuring SPNs in CCS 12.x
Information on how to setup SPNs for the CCS Service Account:
Set up an SPN with the NetBIOS name and the fully qualified domain name (FQDN) of the domain user account in whose context the application pool executes. SPN can be set up from the Application Server or the DC. You must associate an SPN to a single user account.
Execute the following commands to set up an SPN:
SetSpn -A Symantec.CSM.AppServer/appserver_machine.hostname DomainName/ccs_service_account
SetSpn -A Symantec.CSM.AppServer/appserver_machine.fqdn DomainName/ccs_service_account
SetSpn -A Symantec.CSM.DSS/dss_machine.hostname DomainName/ccs_service_account
SetSpn -A Symantec.CSM.DSS/dss_machine.fqdn DomainName/ccs_service_account
Legend for the commands above:
appserver_machine.hostname: The NetBios name of the computer where the Application Server is installed.
DomainName/ccs_service_account: The domain name of Application Server service account.
dss_machine.hostname: The NetBios name of the computer where the Directory Service is installed. (Directory Service is installed on the Application Server)
dss_machine.fqdn: The fully qualified domain name of the Directory Service computer. (Directory Service is installed on the Application Server)
Make sure your CCS Service account is set for delegation as per the example below (NOTE: The delegation tab will not be visible if the SPNs have not be set for that user account). The name for my CCS Service Account in the example below is 'ebsvc'. Your CCS Service user will have a unique name.
Make sure the user has permissions in CCS. Test this by having that user log on a CCS Console locally to verify they have the correct CCS role/permissions that you would like them to have.
Verify that there is a two-way trust between the domain where the Application server is located and the domain where the remote server is installed.
If a 2-way trust is not possible then at a minimum a 1 way forest level trust is required for Kerberos to work correctly. See the link below under Additional Information.