Kerberos: Error getting cross-realm tgt, Windows Server 2003
Hi, hope anyone can help with the following: I'm getting the error below whenever a Java GSS-based application tries to obtain a cross-realmticket from the local AD domain to another AD domain running onWS2003SP2: Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWNExtended Error: Client Realm: Client Name: Server Realm: LOCAL.DOMAIN.COMServer Name: cifs/local.domain.domTarget Name: cifs/local.domain.com@LOCAL.DOMAIN.COMFrom the Java log I can see that whatthe app.actually asks for is 'krbtgt/domain.com@LOCAL.DOMAIN.COM', i.e. a cross-realm tgt from LOCAL.DOMAIN.COM to 'domain.com' (asthe first step in the process to get a ticket for aservice on 'domain.com'). Thetwo AD domainsare in the same forest and have been set up with mutual trust. Can anyone tell my why/how a request for the SPN'krbtgt/...' results in a failure on 'cifs/...'? What can I do to debug this issue? Thanks in advance /Ren
January 17th, 2008 6:34pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics