I am using kerberos to authenticate a user and its failing. Audit failure details in event viewer are following
A Kerberos authentication ticket (TGT) was requested. Account Information: Account Name: HTTP Supplied Realm Name: TEST.COM User ID: NULL SID Service Information: Service Name: krbtgt/TEST.COM Service ID: NULL SID Network Information: Client Address: ::ffff:184.108.40.206 Client Port: 42062 Additional Information: Ticket Options: 0x40800000 Result Code: 0x6 Ticket Encryption Type: 0xffffffff Pre-Authentication Type: - Certificate Information: Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: Certificate information is only provided if a certificate was used for pre-authentication. Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120.
The result code 0x6 means that user doesn't exist in Kerberos database but i have a user already configured in AD. This is windows server 2008 (non-R2) and user account name is "axax" and User logon name is "HTTP/axax.test.com". The domain name is test.com. From wireshark, i can see that my client is sending AS-REQ which has correct 2 name string items HTTP & axax.test.com. I am not sure why is it failing.
I found the problem. There is software bug on Microsoft 2008 (non R2). Issue resolved after installing the hotfix (KB951191).
User contributions licensed under CC BY-SA 3.0