Re: Kerberos error KDC_ERR_BADOPTION
- From: "Tim" <asatad@xxxxxxxxxxxxxxxx>
- Date: Fri, 9 Jun 2006 14:40:28 -0500
Ran the same test again using the IP instead of the host name and got this:
started....
Reusing existing connection (source port 4291)\n
ISC_REQ_MUTUAL_AUTH | ISC_REQ_DELEGATE set\n
SEC_I_CONTINUE_NEEDED\n
REQUEST: **************\n
GET /loader.aspx HTTP/1.1\r\n
Host: 10.1.1.201\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
Authorization: Kerberos
YIIKcQYJKoZIhvcSAQICAQBuggpgMIIKXKADAgEFoQMCAQ6iBwMFACAAAACjggSFYYIEgTCCBH2gAwIBBaEMGwpMQUJUU0MuQ09Noh0wG6ADAgECoRQwEhsESFRUUBs
KMTAuMS4xLjIwMaOCBEcwggRDoAMCARehAwIBAqKCBDUEggQxt6zAFegMXInTTftiqMGwWeBjqX7oCPMF667YyohsBpV+rcX2sd25wbZ1dRwl6FlMBBSY/w2xinvSeBJIaaRpueEab9BKcNiZTPVZnI
OjUnye3/xSi4MvdWtLWJlplz4r7tJuEvKCB2X/pRbVMsxAZT3ou/GILSrR3sKiROXfIzFuasL+5gmfnOD5IbsrAC3fjBnIZ+OOeu4mMgC5s3ikLZ0GeqHlhYWdpcNsd0PmfrD+AuRJuJvH0djB1Xpav
49d0HwQvWZFSnXp2bW1hJOljnHgZdAt5V0fpAqyxCMYyPMAbrk3PmmQTa0GTs+beCk44HrAnG/OheRd72gk/AwVZkkA0YmChmhYHEUQPakRnPRFLUMrJRwb2BkKZkawzuM8eKmmG1eVNPcAYvKgiWFi
jl+YCi0l1VVk/zTJMj/03K1KNAPgevIfl32ln72ttoaVE+1XktmF9zLRzkaxpqAIssHqoTNhkkFsffQbrn7E+22pOf8rakty0rJ8yk3aS3EpXBA5044jN6OQpYfDwDlDkv82V1owUlDQVZcxp6Snupv
aJ2RCJtpMLYV1F3XFed9M4kT9s220D9RV0JJ6FNzw1mIn4l1oBUr/6wxV4Sku9H1TOnG9AYRylquvGzrsnPJncyvYoguW2geQe0kJIXuBAU/z4HCAFMAEzXpfeyl0TswnZ7cdzkEeOioMe76/1eBFdV
4T56UvF9Rcd/eR1ljXeJp69QZaVhJyDjJqEisCLtXGqO+7V/XHIEmWkzu7wRHcXl/b6sHWNVDaGdPMs/MGcNR7/jzL4sBOM0Wp88AzqtqBmQWO6MiwdPeFWmEaSj6A3oy3ijPz0mJC3vCG4MZN+zKIY
nwiUbgx68qcsllL7sYiEyzZcQmg7npCyt5IvIEzGLVCDB8PdSjv61ktPF5fAJF4EHQg23DrbIRnUbdGtB+C/9lu9zwxQgPsRrHg5QxjYcyrWoURlvtwdX9NGpq6I8sWJ7OlBXI8N52pTXJbKEGxUabl
asgcmk/EfymL9ZidkD1wm8s0ckUK40HEdmkljbA9Ced2ewViwNM8mJKhjmJSwPddO+reE5zcYmKV8vCXX4amSgILLmwcoruVjBEqYHbCGPjFsommkTafLTU47ZD8wScZJu5niRUCtBUyVzlF58bgBiP
eJQlPUnJyewp6Lay7XQTHPpEZj6SRUHzwfzpQrwiN9tK3cJrxbIQsnuu94RmJBT18UdQqxjVKVBe+m1a0dhy34vwMUL75fGnwzK03VPf/HAHaCI5k7oKu0WdCqbDQGZgaRLAFmPPahQH7A1KZDG2gsY
LOARb2r40MjosUOkvAT1+/RnKThA3/u6zOBJiO2oJSdrCUTwbItmIa785DSFxnUHKvwlJa7KJEk4OxOJHLRG3af6vfutWmnamaDlYV7VsC1K/IrsLRbYpbKsOkggW8MIIFuKADAgEXooIFrwSCBatPL
j5oEXvE1vTTQQw9lxsQDkCIZ6OyXlaK4UrLtQe32kI6yWrAI4NVqweXThOITBE7gzUQFGTF6og8XW4t8bwXiOq70+d7LNq6Y6UT00234KcKigg/osZEb/hOtTuBeU8GQByQNCw+FPeLduvQ13+UssdO
VEp+vSVWh/Ao6GkcWkq/QTU4G9xwwSh05wR8sjwjMLwuf/JDdDQz4bxNCpHZ7qpXCiRmh8dSiqjgtf6STtJFmF8r+D1RP1wy3Tl2xC0eAQ48IJiC/IOQLRoioQlQjkqXqhaXcgEXrtz/+cqYcpxAD3/
MuXC3oq1Tnz0kB1AxXgEYuWiGRVBNcXBpj0PZz9mF0nkDiTNLlIVJQoWxox4oiqVK9xAftYUiYdK34NAF6AsyybZuf2toWwz47lu2Pm4Bm5NhiP/ZR/z8ogdmQFRH0/2mBjtTxvKZ2pQE/5x1p9tVJC
nxEGTLiTF/Q3Li56tdK0rAhsLzavH3uk3mBbOHgsiUPgCf4DouZMDL3Dr6m9JauJ2Ux2BygrTlW8HvkeHmtOChrxbt2yosy16v420EeSmJGgI9pdvPJCOEO5Q1r2gO9Y8Lwq1c1EeKropI9jGS1/0rz
WJH6B/cfu2X+MIkJFV7Pw+hPhEZ8PAIS7IlKN424v3Rl8TSWtKveC9Pu/8wWz6IV1UokUHc3yAzGqIImuaXU6Uvw7Ix0NsIOsxws8EiDE2fIJ2PvXSPLDsyjmnZ3dth6P9xCMkJj5vM/d7kchrDKoOq
NkecJiwOgfpnsw57EYZfiykNlm/gib0aDsYAwD29qjwdAwg5sX84kYzxMFNYe0po5dktueWWXpQYbhHJPsp0XNZrq6Q7vgeQeuU5qJ4w9/ZjLh38V6tqx5JeFT82oZ5ZV185sTHGlPTHk86zDsUC6Qo
sTj49uEe15i/xnL6kSykeElkuyMsab0xaHai/ZLkfrAREH/RS7nOxERTdFG5QJJVKcJ7O66zLVtKr6lqYilkuzyt5zC/WR1zLTvVOYqLNamjX4rCJ2hTz8dHHQQQxqWqeE7lfncELLnO5UoSA9gaYV1
eD8Zk8DtpA/iy5TNDiuj5OS5t2y/P/liJ6R4C6Cm6Kl0+HhS06ActJe2lxHaBHGHJTyEvkyyhtAzeJqa8cMfvCqJUiRJ60hudevd1ocxISE2SwWNU913Kg6Jb3VtSRxiorWpcWFpyzZFq7Dns967DgR
ggDUXOXKHBLm1feEDvt+kfEitvR0LVp48YYcDZziKCNQhwoaMpFF7KVs5lE58SJTo+5EzdNzBFT5WSPuTluGVLnlLJeW3D9WPHnbg+C0EvJVMM3an2dKCABr41MXUecLwgf/Yj+r/xGWfPRKOwqu7rZ
5wNx6Rr2akc0Dv+0gijQJyUwQXCWA/OSBcdXGQA+W6mzoETCq09GRyr5apwKH6qaklfBa9vkJSccW1ugovFb4PaNVjAQ34kjrXCwjiMadgTO2LLM6PQyEnH3gsoAjWQcQvQzHxM8+A+TiSArD0q5XBw
1m3mPCWYDiaAF6iqbQ51PShc/PNY+KlPEDuXE2IyJ1Y89gJM2uVuPxgqdtZ+zvmWHJUD+1/9O750RlKBZpMw5ygacQqlWP2+k+l4Ghw6c5U1N6fuUcB82GRem+GGrpWEZ1ZXOXi0Pzw48PyIpCZT2hN
tx3edc82zap9XjvY82lQQ4oxsUd+frFIC2rVDwHNc8CnyI0J8BRz4M25SWhyGMVf5OsTL73wSFco5PhtSBnPYifDSA2TI37Hq+sbWrOtt32/JtQyRUkEsoLv1LW15/8WmupSd0b9G9cL8iY4GvCkYMS
C9InnIVyU33ZXLdymkSWa6cGzsAE+vzI0YhvG+zFKpE2+CwlQMS/QBnKXZs9XSV5dIrPqV4TS8E+xfScwgDGJTPb8H48I3vOrQw5i21fs8brKvf3/tfBf+2hA==\r\n
\r\n
RESPONSE: **************\n
HTTP/1.1 401 Unauthorized\r\n
Content-Length: 1656\r\n
Content-Type: text/html\r\n
Server: Microsoft-IIS/6.0\r\n
WWW-Authenticate: Negotiate\r\n
X-Powered-By: ASP.NET\r\n
Date: Fri, 09 Jun 2006 19:37:58 GMT\r\n
\r\n
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd";>\r\n
<HTML><HEAD><TITLE>You are not authorized to view this page</TITLE>\r\n
<META HTTP-EQUIV="Content-Type" Content="text/html;
charset=Windows-1252">\r\n
<STYLE type="text/css">\r\n
BODY { font: 8pt/12pt verdana }\r\n
H1 { font: 13pt/15pt verdana }\r\n
H2 { font: 8pt/12pt verdana }\r\n
A:link { color: red }\r\n
A:visited { color: maroon }\r\n
</STYLE>\r\n
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>\r\n
\r\n
<h1>You are not authorized to view this page</h1>\r\n
You do not have permission to view this directory or page using the
credentials that you supplied because your Web browser is sending a
WWW-Authenticat
e header field that the Web server is not configured to accept.\r\n
<hr>\r\n
<p>Please try the following:</p>\r\n
<ul>\r\n
<li>Contact the Web site administrator if you believe you should be able to
view this directory or page.</li>\r\n
<li>Click the <a href="javascript:location.reload()">Refresh</a> button to
try again with different credentials.</li>\r\n
</ul>\r\n
<h2>HTTP Error 401.2 - Unauthorized: Access is denied due to server
configuration.<br>Internet Information Services (IIS)</h2>\r\n
<hr>\r\n
<p>Technical Information (for support personnel)</p>\r\n
<ul>\r\n
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180";>Microsoft
Product Support Services</a> and perform a title search for the words
<b>HTTP
</b> and <b>401</b>.</li>\r\n
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),\r\n
and search for topics titled <b>About Security</b>, <b>Authentication</b>,
and <b>About Custom Error Messages</b>.</li>\r\n
</ul>\r\n
\r\n
</TD></TR></TABLE></BODY></HTML>\r\n
finished.
""WenJun Zhang[msft]"" <wjzhang@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:$VCTLOwiGHA.4500@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Tim,
I suggest you use webfetch to perform a test and trace the rawdata of http
request/response. It will ensure Kerberos token can be properly sent to
the
server-side.
HOW TO: Use Wfetch.exe to Troubleshoot HTTP Connections
http://support.microsoft.com/default.aspx?scid=kb;en-us;284285
To use, please input:
Host: (Your servername)
Path: (The relative path of your page. e.g: /simple.htm)
Auth: (Select Kerberos and input the proper username/password)
Press Go! to issue a http request to the server and check what response is
returned. You can paste the whole log data here for me to take a look.
Best regards,
WenJun Zhang
Microsoft Online Partner Support
This posting is provided "AS IS" with no warranties, and confers no
rights.
.
- Follow-Ups:
- Re: Kerberos error KDC_ERR_BADOPTION
- From: "WenJun Zhang[msft]"
- Re: Kerberos error KDC_ERR_BADOPTION
- References:
- Kerberos error KDC_ERR_BADOPTION
- From: Tim
- RE: Kerberos error KDC_ERR_BADOPTION
- From: "WenJun Zhang[msft]"
- Re: Kerberos error KDC_ERR_BADOPTION
- From: Tim
- Re: Kerberos error KDC_ERR_BADOPTION
- From: "WenJun Zhang[msft]"
- Kerberos error KDC_ERR_BADOPTION
- Prev by Date: Re: IIS 6.0 Integrated Security
- Next by Date: test a web service?
- Previous by thread: Re: Kerberos error KDC_ERR_BADOPTION
- Next by thread: Re: Kerberos error KDC_ERR_BADOPTION
- Index(es):
