Jump to content
  • Kerberos configured Spotfire® server failed to start with "Client not found in Kerberos database (6)" error in server.log


    I was presenting " how to configure Kerberos authentication on TIBCO Spotfire®" in Dr. Spotfire webinar and my Spotfire server failed to start with following error signature in server.log

    Caused by: KrbException: Client not found in Kerberos database (6)
    	at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
    	at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
    	at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
    	at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776)
    	... 49 more
    Caused by: KrbException: Identifier doesn't match expected value (906)
    	at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
    	at sun.security.krb5.internal.ASRep.init(ASRep.java:64)
    	at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59)
    	at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
    	... 52 more

    One of the steps while configuring Kerberos is to check if Kerberos tickets are getting generated successfully using "KINIT" tool, you can read more about it here, In my case, even that was failing with the following output


    How did I troubleshoot to resolve this issue?

    This error means there is an issue either with SPNs or keytab

    • I ran Setspn -l <service account> to make sure SPN are registered perfectly
    • I ran the following kinit command 
     kinit.exe HTTP/tssker.east.local@EAST.LOCAL

    when you run Kinit <SPN>@DOMAIN it asks for a password, after I put the correct password it was able to create Kerberos ticket successfully, which means I made mistake while creating keytab.


    I recreated keytab file by running the correct "KTPASS" command and My Spotfire environment started working successfully.



    User Feedback

    Recommended Comments

    There are no comments to display.

  • Create New...