Forum Discussion

Nimbostratus

Nov 02, 2015

"Kerberos: can't get S4U2Self ticket for user test.user@TEST.DOMAIN.COM - Server not found in Kerberos database (-1765328377)"

I am having a problem - I think I have everything configured right - it gets the TGT ticket without a problem so I know the clock and all the other Kerberos settings are correct. Anyone seen anything...

Steve_Janetzke_

Nimbostratus

We were able to figure it out. We had to add the "host/apmkerb.svc" as an SPN for apmkerb.svc even though it got a TGT for host/apmkerb.svc@TEST.DOMAIN.COM when it tried to fetch the S4U ticket it first sent a TGS to the domain with that Sname. A packet capture on the DC revealed it and it is now fetching the S4U ticket correctly.

RecontuerSG_258

Historic F5 Account

Dec 19, 2016

Thank you for responding, Kees. Is the Kerberos database same as Active Directory database? Is a keytab file required? The Kerberos-F5 guide I am reading did not mention about keytab file and I am using 12.1.1 version of LTM. "davis" is part of Active Directory..

Forum Discussion

"Kerberos: can't get S4U2Self ticket for user test.user@TEST.DOMAIN.COM - Server not found in Kerberos database (-1765328377)"

Recent Discussions

Citrix XenServer Big-IP Upgrade help

Hi All, We have viprion 4300 with 4450 blades with 6 blades all blades having same configuration

BWC iRule

Can iRule be used to perform exception of IPI category based on Geolocation

help irules for compatibilty

Related Content

502 (bad gateway) error with Kerberos SSO in "Clientless" mode when authenticating with WCF services

Kerberos "Max Logon Attempts" Meaning

APM "Remote Desktop Web Access" Kerberos SSO option

Certificate Expiry Email alert configuration

Securing Applications using mTLS Supported by F5 Distributed Cloud