Web Agent returns "CredentialManager returned SmFailure, end new request" when processing Kerberos Authentication Scheme

Document ID : KB000008875
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

We're running SPS, and when a user comes to the Kerberos authentication scheme, then the browser recieves error 500 and the SPS Agent indicates this error : 

[07/27/2017][15:30:15][1168][560][55438e88-26830e23-8b935970-4538d084-9391120d-9][CSmCredentialManager::GatherAdvancedAuthCredentials][SM_WAF_HTTP_PLUGIN-> ProcessAdvancedAuthCredentials returned SmFailure.] 
[07/27/2017][15:30:15][1168][560][55438e88-26830e23-8b935970-4538d084-9391120d-9][ProcessAdvancedAuthentication][CredentialManager returned SmFailure, end new request.] 

How can we solve this?

 

Environment:
Policy Server 12.6.01 on Windows 2012R2; Access Gateway (SPS) 12.6.01 on Windows 2012R2;Policy Store on CA Directory 12.6; RDC on Active Directory 2012R2; * all machines in the same Windows domain
Resolution:

Configure the ccache parameter in the krb5.ini :

 

C:\windows\krb5.ini 

[libdefaults] 

default_ccache_name = FILE:%{TEMP}\krb5cc_%{uid} 

 

And also don't forget to add the .kcc in the IgnoreExt ACO parameter to ensure the SPS to trigger the Kerberos processing:

IgnoreExt=.class,.gif,.jpg,.jpeg,.png,.fcc,.scc,.sfcc,.ccc,.ntc,.sac,.css,.kcc

 

This will solve the issue.