Web Agent :: Kerberos : Handling the error "Server not found in Kerberos database"

Document ID : KB000075014
Last Modified Date : 05/07/2018
Issue:
I'm running a Web Agent for Kerberos, and when I make the Kerberos
request, the Web Agent cannot authenticate the user and throws the error:

   Failed to create delegated GSSAPI token on behalf
   of HTTP/mysite.domain1.com@MYDOMAIN.COM for
   smps@mysite.domain2.com: Minor Status=-1765328377,
   Major Status=851968, Message=Server not found in
   Kerberos database 

Why do I get this error?
 
Environment:
This applies to all CA Single Sign-On versions.
Resolution:
You get this error because domain2.com is not mapped to a realm in the
krb5.conf file on the Web Agent side.

Check the domain equivalence configuration (the [domain_realm] section)
in krb5.conf. The error occurs when domain2.com is not configured there:

[domain_realm]
    .domain1.com = MYDOMAIN.COM
    domain1.com = MYDOMAIN.COM

# You also need the following lines:

    .domain2.com = MYDOMAIN.COM
    domain2.com = MYDOMAIN.COM

Make sure that both the Web Agent and the Policy Server have the
same krb5.conf configuration, as per the "Policy Server Configuration
Guide 12.52 SP1".
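
To check which hosts in the service principals lack a [domain_realm] entry before editing krb5.conf, the following added example (not part of the original article or of CA's code) parses the section and lists the unmapped hosts. The function names and the sample file are constructed for illustration, and the suffix-search order is an assumption modeled on MIT krb5.

```python
import re

# Constructed sample: the incomplete [domain_realm] section from this article.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = MYDOMAIN.COM

[domain_realm]
    .domain1.com = MYDOMAIN.COM
    domain1.com = MYDOMAIN.COM
"""

def parse_domain_realm(conf_text):
    """Return the {name: realm} entries of the [domain_realm] section."""
    mappings, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "domain_realm" and "=" in line:
            name, realm = (part.strip() for part in line.split("=", 1))
            mappings[name.lower()] = realm
    return mappings

def realm_for_host(host, mappings):
    """Try host, then progressively shorter suffixes (.a.b, a.b, .b, b).
    Assumption: mirrors MIT krb5's suffix search; None = no entry applies."""
    candidate = host.lower()
    while candidate:
        if candidate in mappings:
            return mappings[candidate]
        if candidate.startswith("."):
            candidate = candidate[1:]
        else:
            dot = candidate.find(".")
            candidate = candidate[dot:] if dot != -1 else ""
    return None

def unmapped_hosts(hosts, conf_text):
    """Hosts from the SPNs in use that have no [domain_realm] translation."""
    mappings = parse_domain_realm(conf_text)
    return [h for h in hosts if realm_for_host(h, mappings) is None]

if __name__ == "__main__":
    print(unmapped_hosts(["mysite.domain1.com", "mysite.domain2.com"], SAMPLE_KRB5_CONF))
```

Run the same check against the krb5.conf on both the Web Agent and the Policy Server; any host it lists needs a mapping to the realm.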