Re: Kerberos Error Getting Ticket From Domain: krb5kdc_err_s_principal_unknown
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Sat, 24 Jun 2006 02:25:01 -0700
From what you have said it sounds like you are misinterpreting what ishappening. It is not that the DC is not recognizing the domain, but that
it is not recognizing the machine as a member of the domain, and hence
it is not granting a TGT to it. This might be because the join has problems
or perhaps the times are too far out of sync.
"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:w4WdnfD8c87mBAbZnZ2dnUVZ_sWdnZ2d@xxxxxxxxxxxxxxx
Member server A is contacting domain controller my-dc1 in domain
hq.corp.com. What I am seeing in the sniffer trace is that the member
server asks the my-dc1 domain controller in its role as a Kerberos ticket
granter for a ticket to the domain (i.e., krbtgt/hq.corp.com). The
domain
controller is returning krb5kdc_err_s_principal_unknown. That can't be
good? What is the expected result when a member server asks for a ticket
for the entire domain?
The following line in the trace shows the member server asking for the
Kerberos ticket for the domain controller krbtgt/my-dc1 and this it does
obtain.
What would cause the domain controller to not recognize its own domain in
the Kerberos ticket request?
--
Will
.
- Follow-Ups:
- References:
- Prev by Date: Re: removing user from domain users group doesn't help
- Next by Date: Port requirements for remote shutdown using 'shutdown -s -m \\servername'
- Previous by thread: Kerberos Error Getting Ticket From Domain: krb5kdc_err_s_principal_unknown
- Next by thread: Re: Kerberos Error Getting Ticket From Domain: krb5kdc_err_s_principal_unknown
- Index(es):
Relevant Pages
|
