GSSAPI Error - Miscellaneous failure - ldap - krbtgt

Similar Messages

• OS X 10.10.2 Mail.app: "GSSAPI Error:  Miscellaneous failure (see text (No credentials cache file found)"

  For an IMAP SSL account, I see the following error in the log every time mail.app checks for new mails:
  23.03.15 09:06:12.782 Mail[5620]: Failed a step of SASL authentication
  SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text (No credentials cache file found)
  New mails are shown but it takes quite long until they are fetched. These error lines show up several times.
  What causes these errors?
  Andy Brunner

  Solved the problem by myself
  - Disable the automatic recognition of the account settings-

• SASL(-1): generic failure: GSSAPI Error. No Credentials Cache Found

  When I try to use any ldap command line utilties on my Xserve dual G5 running OS X Server 10.4.11, I get any number of errors including:
  SASL/GSSAPI authentication started
  ldapsasl_interactive_binds: Local error (-2)
  additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)
  If I run kadmin, or klist as super user I get the same error or similar error
  If I run kdelete and then kinit I don't get an error message, but I still can't log in using the directory administrator account, or even root if I enable the root account.
  The Server Admin tool shows that Kerberos is running and it appears to be working on all the clients on the network (OS X 10.3 and 10.4), but I just can't use the command line. This is frustrating because there are a number of batch tasks I prefer doing with the command line such as ldapadd and ldapmodify. The only command line utility for LDAP that does seem to work is slapcat. Workgroup Admin works as does phpldapadmin.
  Any ideas?
  Message was edited by: Christopher Dart
  Message was edited by: Christopher Dart

  Solved the problem by myself
  - Disable the automatic recognition of the account settings-

• GSSAPI Error Another one

  Hello All
  I'm having a problem to login on my MacServer since yesterday when we got new connection and I had to change my DNS configuration.
  No one can login, and on logs I got this error messages
  To give a brief explanation about the problem, the server has 3 network interfaces 1 for external access (internet) and 2 for our internal networks. So with the new internet connection I had to change the external interface's IP address. So I've also changed it on the DNS (as you can see on the log before it was 172.16.XX.XX). But after that nobody can login.
  System Log
  +DirectoryService[61]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)+
  Kdc Log
  +Jun 18 10:50:09 server.domain.com krb5kdc[242](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 81.145.128.82: ISSUE: authtime 1213782609, etypes {rep=16 tkt=16 ses=16}, [email protected] for krbtgt/[email protected]+
  +Jun 18 10:50:10 server.domain.com krb5kdc[242](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 81.145.128.82: UNKNOWN_SERVER: authtime 1213779829, [email protected] for ldap/[email protected], Server not found in Kerberos database+
  Kadmin command
  +sudo kadmin.local -q listprincs | grep ldap+
  ldap/[email protected]
  My DNS Zone
  +$TTL 86400+
  +domain.com. IN SOA server.domain.com. sysadmin.domain.co.uk. (+
  +2008061818 ; serial+
  +3h ; refresh+
  +1h ; retry+
  +1w ; expiry+
  +1h ) ; minimum+
  +domain.com. IN NS server.domain.com.+
  +domain.com. IN A 99.99.999.99+
  +server IN A 99.99.999.99+
  Inside my /Library/Preferences I've got 2 edu.mit.Kerberos files
  edu.mit.Kerberos
  edu.mit.Kerberos.UrLRdkjIuH7V7yG2QuH8e
  One of them (the UrL*) is empty the other one has this configuration
  +# WARNING This file is automatically created, if you wish to make changes+
  +# delete the next two lines+
  +# autogenerated from : /LDAPv3/127.0.0.1+
  +# generation_id : 1093139664+
  [libdefaults]
  +default_realm = SERVER.DOMAIN.COM+
  [realms]
  +SERVER.DOMAIN.COM = {+
  +kdc = server.domain.com+
  +admin_server = server.domain.com+
  [domain_realm]
  +domain.com = SERVER.DOMAIN.COM+
  +.domain.com = SERVER.DOMAIN.COM+
  [logging]
  +admin_server = FILE:/var/log/krb5kdc/kadmin.log+
  +kdc = FILE:/var/log/krb5kdc/kdc.log+
  I've read all the topics about it but till now I couldn't solve my problem.
  Is anyone able to help me?
  Thanks

  I even tried the online support option using my PlayBook's serial number; when I entered my email address, it said that it failed to recognise it.
  Yet in the tablet it clearly shows the right one.
  I am beginning to have serious doubts about having bought it in the first place.
  Techie Charlie.
  Trying to stay loyal to BlackBerry.
  Currently using BBM on my Android Motorola Moto G

• GSSAPI Error: Server not found in Kerberos database

  Hi all
  For about 3 days I'm now seeing this error message in system.log every 3 minutes:
  DirectoryService: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
  This happens on a fileserver which is connected to an OD server.
  I did a search in this forum and found one thread about it. The advice there was to look in kdc.log to see which principal is failing - but I don't have a kdc.log. The other tip was to use kadmin to get a list of the principals by using
  kadmin.local -q listprincs
  but what I get instead of this list is:
  Authenticating as principal xyz/[email protected] with password.
  kadmin.local: No such file or directory while initializing kadmin.local interface
  It seems that some file is missing, which would explain why DirectoryService can't find the server in the database... I have to confess that I have no idea as to how Kerberos works or how to configure it.
  Authentication against the OD server is working fine, it's just that the errors in the log are getting on my nerves, and they make it difficult to find other, more important messages in system.log.
  Thankas, Tina

  Ah, I see, the kdc.log is on the OD server, not on
  the file server where I was looking for it.
  OK, in the kdc logfile I have a lot of entries like
  these ones:
  Kerberos is an auth system where the user authenticates to the kdc and is issued a TGT (Ticket Granting Ticket). The user then presents their TGT and a service principal (Kerberos name of a server) to the kdc to get a service ticket. The user then sends the service ticket to the server who lets the user in.
  Some interpretation:
  Mar 22 09:18:35 zool09.abc.xy krb5kdc[218](info):
  TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.23:
  UNKNOWN_SERVER: authtime 1143003387,
  [email protected] for krbtgt/[email protected],
  Server not found in Kerberos database
  This (TGS_REQ) is request for a service ticket from 130.60.23.23 using the
  TGT owned by [email protected], to get a service ticket for
  krbtgt/[email protected]. It looks like krbtgt/[email protected] is not in your kdc's database. This looks like a cross realm request.
  If you are also connected to an active directory system you might see something like this.
  Mar 22 09:19:20 zool09.abc.xy krb5kdc[218](info):
  AS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.11:
  NEEDED_PREAUTH: [email protected] for
  krbtgt/[email protected], Additional
  pre-authentication required
  Mar 22 09:19:20 zool09.abc.xy krb5kdc[218](info):
  AS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.11:
  ISSUE: authtime 1143015560, etypes {rep=16 tkt=16
  ses=16}, [email protected] for
  krbtgt/[email protected]
  The AS_REQ's above are the two step authentication process for user [email protected] from 130.60.23.11.
  Mar 22 09:19:20 zool09.abc.xy krb5kdc[218](info):
  TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.11:
  UNKNOWN_SERVER: authtime 1143001370,
  [email protected] for
  krbtgt/[email protected], Server not
  found in Kerberos database
  This is another service ticket request. Though the requested service principal looks malformed, I would look for something misconfigured on 130.60.23.11.
  Possibly watch what user zds01 is doing during login to get some idea of what's going on.
  Mar 22 09:19:20 zool09.abc.xy krb5kdc[218](info):
  TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 130.60.23.11:
  UNKNOWN_SERVER: authtime 1143001370,
  [email protected] for
  krbtgt/[email protected], Server not found
  in Kerberos database
  Same as above.
  What do they mean? I didn't set up Kerberos
  authentication, I think I don't need it, is there any
  way to disable it? Or am I using it without knowing
  it??
  When you set up the OD Master, a kdc & the needed files were set up to allow single sign on to all the kerberized services in the system.
  - see if you have an
  /Library/Preferences/edu.mit.Kerberos file
  - Also look for an /etc/krb5.keytab file
  Yes, I have both of them.
  kadmin.local -q listprincs on the OD server gives me
  a long list of computers, users and services like
  this:
  I don't know what these all mean... could you give me
  a brief explanation?
  [email protected]
  When you create a computer record in Workgroup Manager a generic principal name is added to the kdc for that computer. It is related to the host/computer_name@REALM service principal for servers.
  [email protected]
  This is a user principal (this is the account name for the user in the Kerberos system) Sometimes you will see user/admin@REALM.
  afpserver/[email protected]
  This is a service principal. They usually are in the form servicetype/server_dnsname@REALM
  One of the things that Kerberos is very sensitive to is correct DNS configuration. You need to have both forward (name -> IP) and reverse (IP -> name) DNS set up for all the servers in your realm.
  Hope this helps
  - Leland
  DP G4   Mac OS X (10.4.5)  

• GSSAPI Errors and VPN

  I've been getting lots of GSSAPI errors when clients connect via VPN. When clients are connected via VPN DNS doesn't resolve correctly and stability is poor.
  From system.log:
  Jun 26 08:14:39 myservername DirectoryService[60]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
  From kdc.log:
  Jun 26 08:14:42 FQDN krb5kdc[276](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.0.0.4: UNKNOWN_SERVER: authtime 1182832508, MyVPNClient@FQDN for krbtgt/PPS.COM@FQDN, Server not found in Kerberos database
  I see this odd entry when I do a kadmin.local -q listprincs:
  vpn/fqdn@FQDN
  vpn_28e90fc33eff@FQDN
  The second entry seems wrong. Would it be safe to delete it?
  I have so far tried rebuilding the entire server from scratch, demoting Open Directory to Standalone then repromoting back to Open Directory Master. I also tried the procedure in this tread:
  http://discussions.apple.com/thread.jspa?messageID=4240563&#4240563
  Nothing is working!
  Thanks!
    Mac OS X (10.4)  

  Hi iGary
  Except it did appear on a mobile client when
  attempting to bind to the OS X Server directory. This
  mobile client was bound to an Active Directory, do I
  forcibly unbound it and deleted all Kerberos and
  DirectoryService preferences. Now I'm running well.
  I don’t see why not, it can’t hurt.
  Good luck – Tony

• Yosemite Server Mail GSSAPI Error

  Since upgrading client machines to Yosemite, connecting to mac mini server running Yosemite (server v4), I'm seeing this error in the client main log file:
  22/10/2014 12:43:56.579 Mail[7452]: GSSAPI Error:  Miscellaneous failure (see text (No credentials cache file found (negative cache))
  22/10/2014 12:43:56.579 Mail[7452]: Failed to start the SASL connection
  SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text (No credentials cache file found (negative cache))
  Has anyone else seen this or have any thoughts as how to proceed? Thanks a lot for any pointers in the right direction.
  (ps mail is being sent and received)

  Hi,
  maybe it helps or not, I solve a other performance problem which is more related to the mailbox speed but this error on client side is gone afterwards:
  In Yosemite there is still also a problem with the automatic settings detection in Mail.
  That means that the application try's to find a working authentication mechanism in combination with different ports and encryption.
  So far so good, this feature would be okay but the application never stops to do that. So we are shortly connected but the connection becomes invalid again.
  This leads to performance issues and the application becomes very slow!
  If you refer your client log file maybe you can see some "Failed to start the SASL connection" issues (coming from Mail.app).
  In case that you are running a OS X Server which is used by Mail you will see in /var/log/mail* /Library/Logs/mail* various login failures. In case that you have enabled the Adaptive Firewall it can be happen that your IP is blocked for 15 minutes.
  Of course this must not be a issue for everyone I believe it strongly depends on your email server / provider which auth. stuff is supported or enabled.
  To solve it:
  1.) Open the Mail Preferences
  2.) Goto "Accounts" and select your Provider/Account
  3.) Klick Enhanced (the last right tab)
  4.) Disable the automatic settings detection (first checkbox)
  5.) In case you didn't enable "MailDrop"
  This works in Mail 8.1 on Yosemite 10.10.1

• Hush now slapd.log GSSAPI Errors

  I think we got the GSSAPI errors showing up repeatedly in our slapd.log to go away by stripping out then replacing the LDAP KDC principle and key. Here's how if you'd like to try (at your own risk):
  Remove the LDAP service principal:
  sudo kadmin.local -q 'delprinc ldap/<FQDN>'
  Remove the principal key from the keytab:
  sudo kadmin.local -q 'ktrem ldap/<FQDN>'
  Create a fresh LDAP service principal:
  sudo kadmin.local -q 'addprinc -randkey ldap/<FQDN>@<REALM>'
  Import the new principal key into the keytab file:
  sudo kadmin.local -q 'ktadd ldap/<FQDN>@<REALM>'
  Reboot when convenient. Reloading the slapd didn't seem to enable this
  fix. I did not try reloading both slapd and the krb5kdc.
  (FQDN = Fully Qualified Domain Name. Yes I know you know, but there will be somebody that will message me asking what it means)

  We're seeing them on just about all of our Tiger servers. We are or were having stability issues and this was one of the odd activities taking place. I felt that it was better to clear these just incase they were playing a role in the instability.
  The cause could be that there is something wrong with Apple's integration of OpenLDAP with Kerberos. Somehow OpenLDAP isn't happy with the LDAP principal and key within Kerberos. Refreshing it manually with these commands sorted it.

• SASL Failure  GSSAPI Unspecified GSS Failure

  Installed from scratch. Enabled "Open Directory" and created a regular user account. Unable to remotely login with ssh. Since then I have been trying every option with Workgroup manager.
  At this point, I can't even get authenticated as diradmin. I don't even have the option to stop OpenDirectory. I can access without ssl, e.g.,
  $ ldapsearch -v -x ldap://my.domain.com -b "dc=my,dc=domain,dc=com"
  Note the -x, simple authentication. Both ldaps:// and no -x will fail.
  Must I jump back to the command line utils to solve this?
  Thanks,
  Hank

  Been there done that have the t-shirt.
  Here is how I fixed it.
  Go into Server Manager app.
  Click on Open Directory on the left hand side.
  Click on Settings at the top
  Click on LDAP
  I am assuming you are using SSL for your LDAP connections.
  Uncheck "Enable SSL" and click Save
  Wait 30 seconds
  Check "Enable SSL" and make sure you reselect your SSL cert.
  Click Save
  Your GSSAPI error will be cured until the next time you reboot or start/stop LDAP.
  Then just repeat the process above.
  Hope that helps.
  Another sympton of the GSSAPI error (Key table entry not found) is that your diradmin user will NOT be able to authenticate!
  That's pretty awesome (end sarcasm) and I wish APPLE WOULD FIX THIS as it took a lot of trial and error to figure this out.
  FWIW, I'm using a Go Daddy SSL cert which also requires an intermediate cert.

• Error at configuring LDAP Synch by using post installation steps of OIM

  Hi All ,
  I am getting error while configuring LDAP synch.......
  i am doing LDAP synch by using following link http://docs.oracle.com/cd/E27559_01/integration.1112/e27123/oid_oim.htm#IDMIG4357
  While Running patch_weblogic.sh script i am getting following error
  Error:
  patch:
  explode-archived-apps-was:
  seed-ootb-jobs:
  seed-ootb-jobs:
  [echo] ----> SEEDING OUT OF THE BOX SCHEDULE JOBS AND TRIGGERS
  [java] Exception in thread "main" java.lang.ClassNotFoundException: oracle.jdbc.xa.client.OracleXADataSource
  BUILD FAILED
  /apps/Oracle/Middleware/Oracle_IDM1/server/setup/deploy-files/setup.xml:21: The following error occurred while executing this line:
  /apps/Oracle/Middleware/Oracle_IDM1/server/setup/deploy-files/setup.xml:84: The following error occurred while executing this line:
  /apps/Oracle/Middleware/Oracle_IDM1/server/seed_data/seed-rcu-data.xml:37: Java returned: 1
  Total time: 26 seconds
  *********I can't trouble shoot this error.....because i am not able to find out oracle.iam.scheduler.seed.SeedSchedulerData class is in which jar.
  Please help me to solve this problem
  Regards,
  idmr2

  Open weblogic.profile and change the value for property operationsDB.driver to oracle.jdbc.OracleDriver and retest the issue.

• FRM-41211 Integration error SSL failure

  Hello
  Environment Client/Server Developer 6i.
  i installed developer on a new clinet machine to rum my application. every thing is fine but when he tries to run any report the following error occured:-
  FRM-41211 Integrarion error SSL failure runing another product.
  and i have re-install the devloper but the error is stand.
  any solution?
  regards
  aaks

  As Petr said make sure you're reports25_tmp is set in your registry and that the directory exists AND you have the rights to write to that directory.
  You can also get this error if you try to issue a 2nd asynchronous run_product call to run a report and there is another one running. For this, Oracle has two 'solutions'.
  1) Do not run more then one asynchronous report per session
  or
  2) Use a delay loop before calling the next report.
  It's been my experience that #2 is worthless as, if it works, is doing pretty much the same thing as #1. I really hope this gets fixed (for good) at some point...somehow. <G>
  Chad

• FRM-41211: Integration Error: SSL failure running another product Error

  Hai,
  I am developing POS Application in Oracle(Forms6i/Reports6i). I design the Invoice Print Format in Reports6i and call from the Invoice Form. When the
  user save the Invoice I Commit the Invoice and call the Invoice Report for Printing Immediately. I use Epson TM U210B Label Printer for Billing. Sometimes the Invoice Print is not coming in the Printer and it gives the
  following error(especially the First print after restart the computer).
  FRM-41211: Integration Error: SSL failure running
  another product
  After that if you print further for transaction no plm. only it gives the error first time of print
  So Please give the solutions immediately. I am waiting for Ur favourable Reply.
  Ur's Shahul

  As Petr said make sure you're reports25_tmp is set in your registry and that the directory exists AND you have the rights to write to that directory.
  You can also get this error if you try to issue a 2nd asynchronous run_product call to run a report and there is another one running. For this, Oracle has two 'solutions'.
  1) Do not run more then one asynchronous report per session
  or
  2) Use a delay loop before calling the next report.
  It's been my experience that #2 is worthless as, if it works, is doing pretty much the same thing as #1. I really hope this gets fixed (for good) at some point...somehow. <G>
  Chad

• Run report --- Integration Error ----SSL failure

  I have a form that call a report through the Run_Product Built, this works fine on Developer 6 version, but after I upgraded to 6i, everytime I press the buttonn that call the report, an error message will appear that say "FRM-41211 Integration Error SSL failure running another product" after the Report Background Engine appeared. And the report will not start.
  But if I press the button again, all will be fine.
  Does anyone know what happens ?
  PLease help!!!!

  It is a bug in Forms 6i and possible workaround (from Metalink) is:
  WORKAROUND as follows :
  This brings up the Background Engine on startup and minimizes it.
  1. Create a shortcut for rwrbe60.exe and do a CTRL+C to copy it.
  2. Right click on the TASK BAR at the bottom of the screen and get the TASKBAR
  Properties box up.
  3. Select ADVANCED
  4. Expand Tree for PROGRAMS.
  5. Click of STARTUP folder.
  6. Do a CTRL+V to Paste in the Shortcut to rwrbe60.exe.
  7. Right Click on Shortcut and select Properties.
  8. Click Shortcut Tab.
  9. Make sure of the following fields are as follows:
  TARGET : {drive}:\{path}\rwrbe60.exe /c
  START IN : Is the location of your Reports and Forms.
  SHORTCUT KEY : None
  RUN : MINIMIZED

• Integration error SSL failure running another product. - Urgent

  Anybody knows what could be the possible problem and how to solve it. This error is coming when I am running RUN_PRODUCT built-in forms 6i, that application was running for 2 years in Forms 5, without any problem.
  I have included the message what Forms doucmentaion had.
  FRM-41211: Integration error: SSL failure running another product.
  Cause: There is a problem detected when launching another product.
  Action: Check the RUN_PRODUCT built-in.
  Level: 99
  Type: Error
  null

  I got this error when I was using 4.5, it may be caused by the
  correctness of report_path in registry.
  Regards,
  George
  Anybody knows what could be the possible problem and how to solve it. This error is coming when I am running RUN_PRODUCT
  built-in forms 6i, that application was running for 2 years in
  Forms 5, without any problem.>I have included the message what
  Forms doucmentaion had.>FRM-41211: Integration error: SSL
  failure running another product.>Cause: There is a problem
  detected when launching another product. >Action: Check the
  RUN_PRODUCT built-in. >Level: 99 >Type: Error >null

• Integration error SSL failure running another product

  Dear All,
  I am facing some problem while running reports from forms
  SERVER:
  •     OPERATING SYSTEM: Windows.8
  •     Database: ORACLE 11g
  •     Forms & Reports = 6i.
  In form when click any report button to call report some time error comes.
  FRM-41211: integration error SSL failure running another productAnd user can not print the report,

  Forms/Reports 6i on Windows 8? I very much doubt that this is going to work. The last supported OS for Forms/Reports 6i was Windows XP.
  You might have some luck with a non-supported workaround:
  http://windows7bugs.wordpress.com/2012/08/25/windows-8-oracle-developer-suite-6i-patch-18/