WCCILdata - PARAM,SEVERE, 7/auth, Manager (SYS: 1 Event -num 0 CONN: 1) / User YOURDOMAIN\HOST$ is not authorized to connect

When WinCC OA user management is configured to use kerberos authentication and the startup of the event manager fails with:

"PARAM,SEVERE, 7/auth, Manager (SYS: 1 Event -num 0 CONN: 1) / User YOURDOMAIN\HOST$ is not authorized to connect"

Anmerkung: Note that there are requirements for the WinCC OA kerberos setup. Consider these on the operating system side:

The service principal name (SPN) for the WinCC OA service. This string is interpreted on the WinCC OA side as case sensitive. Enter your SPN uppercase since WinCC OA differentiates between upper and lower case. If a mixed case or lower case SPN is already set, remove it and use upper cases for the SPN.
The config entry kerberosRootGroup must point to an existing group.
The host account (HOST$) where WinCC OA runs on must be a member of this group. Otherwise the service will fail to start.
If you change the credentials (e.g. group membership), refresh the local cache of the workstation OS (Windows). For user accounts a relogin is sufficient. For refreshing host account related setup (SPN and group membership), reboot your windows workstation.