Navigate Administrator username cannot be found in Windchill 12 with Active Directory

• Navigate Administrator username cannot be found in Windchill 12 with Active Directory
• Windchill 12 does not ship with Windchill Directory Service (WDS) included
• Article CS337554 indicates that using WDS with Windchill 12.0.1.0  and later is considered to be an unsupported configuration by PTC Technical Support
• Customers may have chosen Active Directory (AD) as their LDAP solution
• In Active Directory the username Administrator is the Domain Administrator
• There is no entry in AD that corresponds to the Administrator username with the alias wcadmin in WDS
• Microsoft recommends that Administrator be used only for initial build activities, and possibly, disaster-recovery scenarios
  • The Microsoft guide used to recommend disabling the Administrator account, but it is now necessary for Forest Recovery
• The Administrator account in Active Directory cannot be used as a Windchill user
  • Using Active Directory Domain Administrator account is bad practice
  • May violate Corporate IT policy
  • Administrator is not a username assigned to any Windchill License Profile
• The ThingWorx installer is hard coded to create the username Administrator with Administrator rights in ThingWorx
  • Installer needs to connect to ThingWorx with administrator permissions
• The ThingWorx Navigate configurator uses a function to determine the ThingWorx administrator name
  • Configurator needs to access ThingWorx with administrator permissions
• During ThingWorx Flow configuration configurator needs to connect to Windchill using sslClientAuth
• Error from Windchill MethodServer log:

ERROR [ajp-nio-127.0.0.1-8010-exec-8] wt.servlet.ServletRequestMonitor.request  - 2021-09-03 13:53:07.360 -0400, <session specific codes>, -, 127.0.0.1, /Windchill/sslClientAuth/sslClientAuth/servlet/odata, wt.effectiveUid= Administrator, GET, 500, 0.015625, 0.0143012 wt.session.SessionUsers$PreLoginException: wt.licenseusage.licensing.LicensingException: Access is denied. You are not a registered Windchill user

• Connection fails with entry in ThingWorxNavigateConfigurator.log:

Configuring Flow connector
[13:53:06] - httpRequest useSSL = 1  

[13:53:06] Execute httpPost - URL:  https://<lServerFQDN:FlowPort>/Thingworx/Subsystems/WorkflowSubsystem/Services/UpdateConnector?x-thingworx-session=true 

[13:53:07] - HTTP return code: 500

[13:53:07] Failed to configure Flow connector PTC-Nav-Windchill-Connector. Check Thingworx Application log for more information.
Problem running post-install step. Installation may not complete correctly
 Failed to configure ThingWorx Flow connector.