Request to Kerberos enabled webagent results in 500 error and 'Kerberos Credential Cache login failed with service' error message

Document ID : KB000050704
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Request to Kerberos enabled webagent results in 500 error due to credential cache not being initialized

[06/11/2010][14:51:43][2928][2732][0592a8c0-0b70-4c1293cf-0aac-01282047][SmKcc::getCredentials][Kerberos Credential Cache
login failed with service principal HTTP/vm2.test.com@TEST.COM: Key table entry not found]

And

2928/2732][Fri Jun 11 2010 14:51:43][CSmCredentialManager.cpp:235][ERROR] HLA: Analyzer from module 'SM_WAF_HTTP_PLUGIN'
returned unknown response code '-1' for component 'Credential Manager'.
[2928/2732][Fri Jun 11 2010 14:51:43][CSmHighLevelAgent.cpp:873][ERROR] HLA: Component reported fatal error: 'Credential Manager'.

Solution:

Request to Kerberos enabled webagent results in 500 error. This was due to inappropriate encryption type.

Solution is to set the encryption type appropriately in Krb5.ini file. Configure a Kerberos configuration file (Krb5.ini) and place it in the windows system root path.

See the sample krb5.ini below:

[libdefaults]
default_realm = TEST.COM
default_keytab_name = C:\WINDOWS\wasrvwin2k3iis6.keytab
default_tkt_enctypes = rc4-hmac des-cbc-md5
default_tgs_enctypes = rc4-hmac des-cbc-md5
[realms]
TEST.COM = {
kdc = winkdc.test.com:88
default_domain = TEST.COM
}
[domain_realm]
.test.com = TEST.COM
test.com = TEST.COM