Symantec Access Management

Tech Tip : CA Single Sign-On : Web Agent :: Kerberos : Handling the error "Server not found in Kerberos database" 

    Broadcom Employee
    Posted Jul 05, 2018 07:45 AM

    Issue:


    I'm running a Web Agent for Kerberos, and when I make the Kerberos
    request, the Web Agent cannot authenticate the user and throws the error:

    Failed to create delegated GSSAPI token on behalf
    of HTTP/mysite.domain1.com@MYDOMAIN.COM for
    smps@mysite.domain2.com: Minor Status=-1765328377,
    Major Status=851968, Message=Server not found in
    Kerberos database

    Why do I get this error?

     

    Environment:

     

    This applies to all CA Single Sign-On versions.

    Resolution:

    You get this error because domain2.com is not found in the
    krb5.conf file on the Web Agent side.

    Check the krb5.conf for the domain equivalence configuration (the
    [domain_realm] section). The error occurs because domain2.com is
    not configured there:

    [domain_realm]
    .domain1.com = MYDOMAIN.COM
    domain1.com = MYDOMAIN.COM

    # you also need the following lines:

    .domain2.com = MYDOMAIN.COM
    domain2.com = MYDOMAIN.COM

    Make sure that both the Web Agent and the Policy Server have the
    same krb5.conf configuration, as per the "Policy Server Configuration
    Guide 12.52 SP1".


    KB : KB000075014
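
A check for the missing mapping described above, as an added example that is not part of the original post or the product's own code: it parses the `[domain_realm]` section and reports which realm, if any, the host in each principal from the error message maps to. The two sample files are constructed from the page's snippet, and the lookup order (full host name, then each parent domain with and without a leading dot) is a simplifying assumption.

```python
import re

# Constructed sample: the page's krb5.conf mapping before the fix.
KRB5_BEFORE = """
[libdefaults]
    default_realm = MYDOMAIN.COM

[domain_realm]
    .domain1.com = MYDOMAIN.COM
    domain1.com = MYDOMAIN.COM
"""

# Constructed sample: the same file with the two lines the resolution adds.
KRB5_AFTER = KRB5_BEFORE + """    .domain2.com = MYDOMAIN.COM
    domain2.com = MYDOMAIN.COM
"""

def parse_domain_realm(text):
    """Return the [domain_realm] section as a {domain: realm} dict."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping

def spn_host(spn):
    """Extract the host from 'service@host' or 'service/host@REALM'."""
    if "/" in spn:
        return spn.split("/", 1)[1].split("@", 1)[0]
    return spn.split("@", 1)[1]

def realm_for_host(host, mapping):
    """Return the mapped realm for host, or None when nothing matches."""
    host = host.lower().rstrip(".")
    candidates = [host]
    while "." in host:
        host = host.split(".", 1)[1]          # strip the leftmost label
        candidates += ["." + host, host]      # assumed lookup order
    return next((mapping[c] for c in candidates if c in mapping), None)

if __name__ == "__main__":
    for label, conf in (("before", KRB5_BEFORE), ("after", KRB5_AFTER)):
        m = parse_domain_realm(conf)
        for spn in ("HTTP/mysite.domain1.com@MYDOMAIN.COM", "smps@mysite.domain2.com"):
            print(label, spn, "->", realm_for_host(spn_host(spn), m))
```

Run it against the krb5.conf of both the Web Agent and the Policy Server; a `None` result for the `smps@...` host identifies the side that is missing the mapping.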