I was presenting " how to configure Kerberos authentication on TIBCO Spotfire®" in Dr. Spotfire webinar and my Spotfire server failed to start with following error signature in server.log
Caused by: KrbException: Client not found in Kerberos database (6) at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76) at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316) at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361) at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776) ... 49 more Caused by: KrbException: Identifier doesn't match expected value (906) at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) at sun.security.krb5.internal.ASRep.init(ASRep.java:64) at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59) at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60) ... 52 more
One of the steps while configuring Kerberos is to check if Kerberos tickets are getting generated successfully using "KINIT" tool, you can read more about it here, In my case, even that was failing with the following output
How did I troubleshoot to resolve this issue?
This error means there is an issue either with SPNs or keytab
- I ran Setspn -l <service account> to make sure SPN are registered perfectly
- I ran the following kinit command
kinit.exe HTTP/tssker.east.local@EAST.LOCAL
when you run Kinit <SPN>@DOMAIN it asks for a password, after I put the correct password it was able to create Kerberos ticket successfully, which means I made mistake while creating keytab.
I recreated keytab file by running the correct "KTPASS" command and My Spotfire environment started working successfully.
Recommended Comments
There are no comments to display.