I'm running a Web Agent for Kerberos, and when I request the kerberos request, the Web Agent cannot authenticate the user and throw the error Failed to create delegated GSSAPI token on behalf of HTTP/mysite.domain1.com@MYDOMAIN.COM for firstname.lastname@example.org: Minor Status=-1765328377, Major Status=851968, Message=Server not found in Kerberos database Why do I get this error ?
This applies to all CA Single Sign-On versions. Resolution: You get this error because the domain2.com is not found in the krb5.conf file on the Web Agent side. Check in the krb5.conf for the domain equivalence configuration. You get this error because you don't get the domain2.com configured : [domain_realm] .domain1.com = MYDOMAIN.COM domain1.com = MYDOMAIN.COM # you need also the following lines : .domain2.com = MYDOMAIN.COM domain2.com = MYDOMAIN.COM Obviously, make sure that both Web Agent and Policy Server has the same krb5.conf configuration as per the "Policy Server Configuration Guide 12.52 SP1"
KB : KB000075014