Issue:
I'm running a Web Agent for Kerberos, and when I send a Kerberos
request, the Web Agent cannot authenticate the user and throws the error:
Failed to create delegated GSSAPI token on behalf
of HTTP/mysite.domain1.com@MYDOMAIN.COM for
smps@mysite.domain2.com: Minor Status=-1765328377,
Major Status=851968, Message=Server not found in
Kerberos database
Why do I get this error?
Environment:
This applies to all CA Single Sign-On versions.
Resolution:
You get this error because domain2.com is not found in the
krb5.conf file on the Web Agent side.
Check the domain equivalence configuration in krb5.conf, that is, the
[domain_realm] section. The error occurs when domain2.com is not
configured there:
[domain_realm]
.domain1.com = MYDOMAIN.COM
domain1.com = MYDOMAIN.COM
# you also need the following lines:
.domain2.com = MYDOMAIN.COM
domain2.com = MYDOMAIN.COM
Make sure that both the Web Agent and the Policy Server have the
same krb5.conf configuration, as per the "Policy Server Configuration
Guide 12.52 SP1".
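The following check is an added example, not part of the original KB article or of the product's tooling: it models the [domain_realm] lookup in simplified form (exact host name first, then parent domains written with a leading dot) and reports hosts that the Web Agent and Policy Server copies of krb5.conf map differently. The function names and the two inline sample configurations are constructed for illustration; the host names and realm are the ones from the error message and snippet above.

```python
# Added example: simplified model of the krb5.conf [domain_realm] lookup.
# Sample configurations below are constructed from the snippet in this article.
AGENT_CONF = """[domain_realm]
.domain1.com = MYDOMAIN.COM
domain1.com = MYDOMAIN.COM
"""
POLICY_SERVER_CONF = AGENT_CONF + """.domain2.com = MYDOMAIN.COM
domain2.com = MYDOMAIN.COM
"""

def parse_domain_realm(text):
    """Return {host-or-.domain: realm} from the [domain_realm] section."""
    mapping, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_section = line.lower() == "[domain_realm]"
        elif in_section and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping

def realm_for_host(host, mapping):
    """Exact host entry first, then '.parent' entries, most specific first.
    None means no [domain_realm] entry applies to the host."""
    host = host.lower().rstrip(".")
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        realm = mapping.get("." + ".".join(labels[i:]))
        if realm:
            return realm
    return None

def compare_configs(agent_text, server_text, hosts):
    """Return {host: (agent_realm, server_realm)} where the two files disagree."""
    agent, server = parse_domain_realm(agent_text), parse_domain_realm(server_text)
    result = {}
    for host in hosts:
        pair = (realm_for_host(host, agent), realm_for_host(host, server))
        if pair[0] != pair[1]:
            result[host] = pair
    return result

if __name__ == "__main__":
    hosts = ["mysite.domain1.com", "mysite.domain2.com"]
    for host, (a, s) in compare_configs(AGENT_CONF, POLICY_SERVER_CONF, hosts).items():
        print(f"{host}: Web Agent -> {a}, Policy Server -> {s}")
```

To run it against real files, pass the contents of each machine's krb5.conf to compare_configs in place of the sample strings.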
KB : KB000075014