Web Agent returns "CredentialManager returned SmFailure, end new request" when processing Kerberos Authentication Scheme

Document ID : KB000008875
Last Modified Date : 14/02/2018
Show Technical Document Details

We're running SPS, and when a user comes to the Kerberos authentication scheme, then the browser recieves error 500 and the SPS Agent indicates this error : 

[07/27/2017][15:30:15][1168][560][55438e88-26830e23-8b935970-4538d084-9391120d-9][CSmCredentialManager::GatherAdvancedAuthCredentials][SM_WAF_HTTP_PLUGIN-> ProcessAdvancedAuthCredentials returned SmFailure.] 
[07/27/2017][15:30:15][1168][560][55438e88-26830e23-8b935970-4538d084-9391120d-9][ProcessAdvancedAuthentication][CredentialManager returned SmFailure, end new request.] 

How can we solve this?


Policy Server 12.6.01 on Windows 2012R2; Access Gateway (SPS) 12.6.01 on Windows 2012R2;Policy Store on CA Directory 12.6; RDC on Active Directory 2012R2; * all machines in the same Windows domain

Configure the ccache parameter in the krb5.ini :




default_ccache_name = FILE:%{TEMP}\krb5cc_%{uid} 


And also don't forget to add the .kcc in the IgnoreExt ACO parameter to ensure the SPS to trigger the Kerberos processing:



This will solve the issue.