Announcement

Collapse
No announcement yet.

S2008R2: Kerberos: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • S2008R2: Kerberos: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN

    Hello everyone!

    Am somewhat new to posting here despite having roamed these forums for a while. This time however I've stumbled into an issue I've simply not been able to resolve after quite a few days of research.

    Recently I've acquired a third-party application to interface with Active Directory objects and for security purposes said application requires that Kerberos is working... and this was when I found out that a particular domain I've recently took over does not have Kerberos functioning as it should.

    Every attempt the application commits to interact with my domain controller yields the following error in the DC's event log:

    Code:
    A Kerberos Error Message was received:
     on logon session 
     Client Time: 
     Server Time: 9:31:15.0000 9/17/2010 Z
     Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN
     Extended Error: 
     Client Realm: 
     Client Name: 
     Server Realm: MY-DOMAIN.COM
     Server Name: LDAP/localhost
     Target Name: LDAP/[email protected]
     Error Text: 
     File: 9
     Line: efb
     Error Data is in record data.
    - <Event xmlns="(URL removed due to forum restrictions)">
    - <System>
      <Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" /> 
      <EventID Qualifiers="32768">3</EventID> 
      <Version>0</Version> 
      <Level>2</Level> 
      <Task>0</Task> 
      <Opcode>0</Opcode> 
      <Keywords>0x80000000000000</Keywords> 
      <TimeCreated SystemTime="2010-09-17T09:31:15.000000000Z" /> 
      <EventRecordID>8376735</EventRecordID> 
      <Correlation /> 
      <Execution ProcessID="0" ThreadID="0" /> 
      <Channel>System</Channel> 
      <Computer>SERVER-GC1.MY-DOMAIN.COM</Computer> 
      <Security /> 
      </System>
    - <EventData>
      <Data Name="LogonSession" /> 
      <Data Name="ClientTime" /> 
      <Data Name="ServerTime">9:31:15.0000 9/17/2010 Z</Data> 
      <Data Name="ErrorCode">0x7</Data> 
      <Data Name="ErrorMessage">KDC_ERR_S_PRINCIPAL_UNKNOWN</Data> 
      <Data Name="ExtendedError" /> 
      <Data Name="ClientRealm" /> 
      <Data Name="ClientName" /> 
      <Data Name="ServerRealm">MY-DOMAIN.COM</Data> 
      <Data Name="ServerName">LDAP/localhost</Data> 
      <Data Name="TargetName">LDAP/[email protected]</Data> 
      <Data Name="ErrorText" /> 
      <Data Name="File">9</Data> 
      <Data Name="Line">efb</Data> 
      <Binary /> 
      </EventData>
      </Event>
    I've spent a fair bit of time trying to establish what factors could result in the production of this error and most resources I stumble into (particularly Microsoft ones) tend to lay blame on incorrectly set SPN's.

    I did tinker around with the DC's SPN's a fair bit though I have been unsuccessful at resolving this Kerberos error thus far.

    Any assistance with respect to this issue would be highly appreciated!

    Cheers!
Working...
X