Kerberos service ticket was requested
I got the following message in my event viewer. can anyone advise on this?
A Kerberos service ticket was requested.
Account Information:
Account Name:
Account Domain:
Logon GUID:
{00000000-0000-0000-0000-000000000000}
Service Information:
Service Name:
Service ID:
NULL SID
Network Information:
Client Address:
192.168.0.57
Client Port:
1154
Additional Information:
Ticket Options:
0x40800000
Ticket Encryption Type:
0xffffffff
Failure Code:
0x25
Transited Services:
This event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested.
This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket.
Ticket options, encryption types, and failure codes are defined in RFC 4120.
thanks,
Ashley
Yeah… Code: 0x25 Clock skew too great. Workstation’s clock too far out of sync with the DC’s. refer:http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4771
Best,
Howtodo
Similar Messages
-
Kerberos Service tickets & Service server
Hi,
I've implemented a simple hello_world.java application (on Windows) that gets authentified by the KerberosLoginModule by the Kerberos Keytab (not the TGT!).
- That Keytab was built on a Microsoft Server 2003 using "ktpass".
- The name of the application "hello_world" was added in Active directory using setspn.exe (necessary if I want to use Kerberos Service Tickets) for an user account.
At the moment every account can launch the application.
But how can I:
1- Make that application require and use the service ticket to allow just 1 user to launch the application?
2- Prevent/Deny all the others.
and also:
3- From the user account, establish the communication with the KDC (TGS) to acquire Service Tickets?
---> I want that application to require the Kerberos Service Ticket from the user AND decrypt it by using the keytab (to finally allow access to the user).
Any suggestions for a newbie like me are all welcome..
Thanks !what do you mean "launch the application"? If it's a class or a jar readable by all, then everyone can launch it. if your "launch" means it can authenticate itself and goes on, maybe you can simply make the keytab file readable by a single user.
Anyway this looks a little strange. Normally JGSS programs have a client and a server, the client need to authenticate itself to the server, and request the server to do something. If you have only one program, user may alter the configuration (say, appointing another KDC), trick the program to believe it passes the authentication stage, and goes on. -
I am trying to connect to SharePoint in my Office 365 environment by following https://support.office.com/article/Set-up-the-SharePoint-Online-Management-Shell-environment-7b931221-63e2-45cc-9ebc-30e042f17e2c and I am getting:
Connect-SPOService : The Application ID (AppID) for which the service ticket is requested does not exist on the system.
Is there some setting I need to change on the O365 side? Thanks.Hi,
Based on your description, my understanding is that you want connect SharePoint Online using PowerShell.
Please make sure that the following software is installed.
Windows Management Framework 3.0
SharePoint Online Management Shell
And then, open the SharePoint Online Management Shell and use the Script below to test
whether it works.
$User = "[username]@[tenant].onmicrosoft.com"
$Pass = "[password]"
$creds = New-Object System.Management.Automation.PSCredential($User,(ConvertTo-SecureString $Pass -AsPlainText -Force));
Connect-SPOService -Url https://[tenant]-admin.sharepoint.com -Credential $creds
Get-SPOSite
More information:
http://blog.falchionconsulting.com/index.php/2013/01/using-powershell-to-manage-sharepoint-2013-online/
Thanks,
Dennis Guo
TechNet Community Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Dennis Guo
TechNet Community Support -
I have just downloaded and installed Thunderbird on a new Windows 8 omputer. I get the message in the headline when I press the Get Mail button
What do you have for Connection security and Authentication method in Tools(or AppMenu/Options)/Account Settings/<i>accountname</i>/Server Settings? What is the POP server - does it support Kerberos/GSSAPI?
-
Java GSS API - Kerberos - Receive timed out when requesting service ticket.
Hi,
I'm following the following exercises about Kerberos/JGSS-API :
http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/
On exercise 3, I get an exception (when requesting a service ticket) from the client side:
"+Exception in thread "main" java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: Receive timed out)
etc.+"
This seems to happen when the GSSContext.initSecContext(...) method is called.
The server side receives the client connection:
"+Waiting for incoming connection...+
+Got connection from client /xxx.xxx.x.xxx+"
But then displays the following exception:
"+Exception in thread "main" java.security.PrivilegedActionException: java.net.SocketException: Connection reset
etc.+"
I checked my KDC (win 2003 Server SP2) and added SPNs with setspn but the error remains.
Any suggestion are more than welcome !The TGT is already present on my Client machine because it is acquired automaticaly from the KDC during the Windows opening session.
I use then JAAS to access the LSA and obtain the TGT - This doesn't need any further connection to the KDC.
But the Service Ticket is requested to the KDC by my client machine..
Here is the complete output (Client side) after I destroyed the tickets (with Kerberos MIT Leash.exe and/or kdestroy.exe ):
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache
+>>>KinitOptions cache name is C:\Documents and Settings\user.MYDOMAIN\krb5cc_user+
+>> Acquire default native Credentials+
+>>> Obtained TGT from LSA: Credentials:+
[email protected]
server=krbtgt/[email protected]
authTime=20080529135209Z
startTime=20080529135209Z
endTime=20080530015209Z
renewTill=20080702135209Z
flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
EType (int): 23
Principal is [email protected]
Commit Succeeded
+Authenticated principal: [[email protected]]+
Connected to address host1/xxx.xxx.x.xxx
Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri May 30 03:52:09 CEST 2008
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri May 30 03:52:09 CEST 2008
Service ticket not found in the subject
+>>> Credentials acquireServiceCreds: same realm+
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17.
+>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType+
+>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType+
+>>> KrbKdcReq send: kdc=yyy.yyy.y.y UDP:88, timeout=30000, number of retries =3, #bytes=1262+
+>>> KDCCommunication: kdc=yyy.yyy.y.y UDP:88, timeout=30000,Attempt =1, #bytes=1262+
SocketTimeOutException with attempt: 1
+>>> KDCCommunication: kdc=yyy.yyy.y.y UDP:88, timeout=30000,Attempt =2, #bytes=1262+
SocketTimeOutException with attempt: 2
+>>> KDCCommunication: kdc=yyy.yyy.y.y UDP:88, timeout=30000,Attempt =3, #bytes=1262+
Exception in thread "main" java.security.PrivilegedActionException: GSSException: No valid credentials provided (Mechanism level: Receive timed out)
+ at java.security.AccessController.doPrivileged(Native Method)+
+ at javax.security.auth.Subject.doAs(Subject.java:396)+
+ at SimpleAuthzz2.loginAndAction(SimpleAuthzz2.java:56)+
+ at SimpleGssClient.main(SimpleGssClient.java:36)+
SocketTimeOutException with attempt: 3
Caused by: GSSException: No valid credentials provided (Mechanism level: Receive timed out)
+ at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:659)+
+ at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:213)+
+ at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:158)+
+ at SimpleGssClient$GssClientAction.run(SimpleGssClient.java:121)+
+ ... 4 more+
Caused by: java.net.SocketTimeoutException: Receive timed out
+ at java.net.PlainDatagramSocketImpl.peekData(Native Method)+
+ at java.net.DatagramSocket.receive(DatagramSocket.java:662)+
+ at sun.security.krb5.internal.UDPClient.receive(UDPClient.java:77)+
+ at sun.security.krb5.KrbKdcReq$KdcCommunication.run(KrbKdcReq.java:278)+
+ at java.security.AccessController.doPrivileged(Native Method)+
+ at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:195)+
+ at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:140)+
+ at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:106)+
+ at sun.security.krb5.KrbTgsReq.send(KrbTgsReq.java:215)+
+ at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:293)+
+ at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:106)+
+ at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:561)+
+ at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:585)+
+ ... 7 more+
It seems like the TGT is still present in the cache, even if Leash displays "no tickets".
Meanwhile, in the KDC-server side:
-What is the correct spn to add? C:\setspn GssServer/host1 user ? (I in fact tried many possibilities)..
-Is there any other special configuration to do in the KDC ?
Thanks a lot! -
Service ticket in servicepro profile
Hi experts,
I'm working with CRM 2007 and I want to know if is it possible to use service ticket in servicepro profile? How can I do that? The service ticket is only for "IC" profile?
Best regards,
Caíque EscalerHi
Service Ticket UI component as you mentioned is only available in ICWebclient Profile. In WebUI it is possible to open any transactions in any UI components related to transaction because they all follow the same BOL model. ie Service Ticket can be opened in UI compoent for activity, Service Request etc..
I have worked on a scenario where Service Ticket was opened in Service Request component. FYI, SAP recommends migrating from Service Ticket to Service Request.
To open Service Ticket in Service Request framework (SRQM_INCIDENT_H). You have to do the following
a. Search.
It depends on if you are planning to use Service Request search or Worklist. In either case you will have to implement the BADI (Enhancement Spot) ES_CRM_RF_Q1O_SEARCH. This implementation is done so that instead of service Request you search for Service Ticket and return the guid.
b. Display
To display the Service Ticket in Service Request framework, you have to call dynamic navigation with selected entity and the UI component in the event handler on selecting item in the result list.
CALL METHOD cl_crm_ui_descriptor_obj_srv=>create_entity_based
EXPORTING
ir_entity = <ls_recent_object>-entity "Reference to Service ticekt
iv_ui_object_type = <ls_recent_object>-object_type " UI Object type for Service Request
iv_ui_object_action = <ls_recent_object>-action
RECEIVING
rr_result = lr_descr_object.
CATCH cx_root.
ENDTRY.
ENDIF.
IF lr_descr_object IS NOT BOUND.
RETURN.
ENDIF.
CREATE OBJECT lr_coll TYPE cl_crm_bol_bo_col.
IF lr_coll IS BOUND.
lr_coll->add( lr_descr_object ).
lr_window ?= me->view_manager->get_window_controller( ).
IF lr_window IS BOUND.
lr_window->call_outbound_plug( iv_outbound_plug = 'navigate' "#EC NOTEXT
iv_data_collection = lr_coll ).
c. Recent Edits
You will need to force Recent eidts also to save appropriate UI component in CRMD_SHORTCUT Table otherwise it will open in ICWebclient UI compoent. Check UI Component CRM_BSP_RECOBJ
You can also open service ticket in Service Order component. You will need to manually call the Time Reporting views whcih are are available in ICWebclient ptofile. -
Listening to Service ticket creation event
Hi,
I have a requirement to check the ticket details and populate one field as per the ticket details. This operation has to be done on the below scenario.
u2022 A service ticket is generated and already has a property confirmed
u2022 A property(iObject) is confirmed for a new service ticket
u2022 The property(iObject) is changed on the service ticket
u2022 The service ticket is saved .
We can handle the scenario 2 and 3 from UI. But I do not know how to handle the scenario 1 i.e. whenever a service ticket is generated. Is there an event which gets raised whenever a service ticket is generated ?
For scenario 4, I am planning to invoke the required operation in the save button code which is available in UI. But when agent ends call, then also the service order gets saved. Is there a way I can invoke my code just before save ?
Regards,
Manas.
Edited by: manas sahoo on Aug 6, 2008 9:44 AMHello Manas,
Check if this suggestions may help you.
For scenario 1, you can check method IP_INBOUNDPLUG of your service ticket controller class. Maybe there you'll understand if a new bol entity for the service ticket was created or not.
For scenario 4, you can use ORDER_SAVE badi. This BADI was 3 methods to manipulate a document before you saving it. See it to check if any of those three can help you.
Kind regards.
Bruno -
Hey,
Has anyone seen this "alert" coming from the domain controllers?
Service ticket request failed
I want to false positive it out because I've investigated.
But I'd rather go to the server guys with a fix ...Yes your understanding is correct. The recommended approach is to tune out all the unneeded raw events at the reporting device itself.
This will save both the network and MARS from unnecessary traffic. You can find more details about this error at the following:
http://support.microsoft.com/kb/824905
http://technet.microsoft.com/en-us/library/bb742435.aspx
Regards
Farrukh -
Service ticket creation through web request
Hello,
I just need to know if there is any standard CRM functionality to serve the form and to create the service ticket ?
Regards
SachinHi Gagan
Could you please share with your solution, i am kind looking help in same are. We are using CRM 7.0, but i can not find BOL component which is ISUSRV.
My requirement is to create Service Order from Webclient, example meter problem reporting, etc
Please kindly reply or by email shankar no dot vangari at gmail com
regards
shankar -
Not able to edit service ticket (complaint) in CRM
Hi,
The service ticket (complaint) in CRM has been replicated to R/3 as credit memo request, but the document in CRM is not able to edit. The error message is " Document is being processed, not possible to edit".
I checked in SMW01, those tickets are unprocessed status, tried to reprocess but not to edit the document. Also tried to manully send to R/3 using toolbox transacton but no luck. I tried to push stucked queues in CRM but not moving.
Pls suggest me what is the way to reprocess the stucked BDoc in CRM.
Regards,
Ram.Hi Sandeep,
This happens when the document is distributed to ERP Systems. There are certain Item Categories that are sent to ERP System and only once the confirmations comes from those system you can further process those document.
You won't find any errors there.
You can check the BDOC Entries and then can find the target system where the document was distributed. And then logon onto that system and release that document.
Hope this helps.
Thanks,
Samantak. -
Create a follow-up of a Service Ticket
Hi,
I need to implement a script to create a follow-up of a Service Ticket to a service contract. Therefore I need to implement an Action Class to run in the ICWebClient.
I'm facing some problems and I didin't managed to find a suitable class / function to automate it.
I've tried:
Method: EH_ONCREATEFOLLOWUP of the class CL_CRM_IC_SRVTFOLLOWUP_IMPL, from the view SrvTFollowUp. I've adapted the the requested custom_controller but without sucess - somewhere during the process I was catching a missing handler exception.
I also tried to use the functions:
'CRM_IST_COPY_ORDER_TO_CONTRACT'
'COM_PCAT_COPY_DOCUMENTS'
'CRM_ORDER_READ' -> 'CRM_COPY_EXTERNAL_ORDER_OW'
and some others but with no luck as well.
Did anyone had the same problem before? I would apreciate some new ideas!Hi,
The Service Ticket itself is Service Order. The difference between them is that the Service Ticket does not have Item Category which is present in the Service Order.
Between your transaction code maintian the copy controls.
Hope it helps.
Regards,
Rajiv -
Object for interaction records, service tickets and follow-up activities
Hi,
I need business objects or Function modules(anything) that contains the data realted to interaction records, service tickets, and follow-up.Please help me by mailing to my mail [email protected]My question was answered by Experts.
1.I tried with the code to retirve GUID,HEADER/ITEM Guid's related to the BPnumber from CRMF_ORDER_INDEX table.
2.I have stored header/item GUID's in different internal tables and append all the values that fetched above with in the loop.
3. Clear header/item guid's,that they can have next value in the loop.(Important)
4.Next step call the FM CRM_ORDER_READ with in the loop and assign import/export parameters.
4.Display the records.
Thanks for Everything......... -
Interaction records,Service tickets,Follow-up activities
hi all!
I need objects (FM, BDocs...Etc...) that related to interaction records, service tickets, follow-up activities of the business partners.
can anybody help me out.
regards
sachinMy question was answered by Experts.
1.I tried with the code to retirve GUID,HEADER/ITEM Guid's related to the BPnumber from CRMF_ORDER_INDEX table.
2.I have stored header/item GUID's in different internal tables and append all the values that fetched above with in the loop.
3. Clear header/item guid's,that they can have next value in the loop.(Important)
4.Next step call the FM CRM_ORDER_READ with in the loop and assign import/export parameters.
4.Display the records.
Thanks for Everything......... -
RRoCE v2.0 mode was requested, but it is not supported.
Customer is using N5k, connecting W2012 R2 host, as well as a W2012 R2 host acting as a SMB3 fileserver.
They use RDMA over Converged Ethernet (RoCE), and receive the following error message
SingleFunc_32_0_0: RRoCE v2.0 mode was requested, but it is not supported. The NIC starts in RRoCE v1.5 mode.
NOTE: If your environment contains mix of different NIC types, you need to make sure that the whole environment is configured to use the same RoCE mode,
otherwise the traffic between the different NICs does not work.
interface Ethernet1/13
priority-flow-control mode on
flowcontrol send off
flowcontrol receive off
end
Global QoS Config
class-map type qos match-any class-rdma
match cos 3
class-map type queuing class-rdma
match qos-group 4
policy-map type qos rdma-policy
class class-rdma
set qos-group 4
class class-default
policy-map type queuing rdma-queuing-policy
class type queuing class-rdma
bandwidth percent 60
class type queuing class-default
bandwidth percent 40
class-map type network-qos class-rdma
match qos-group 4
policy-map type network-qos rdma-network-policy
class type network-qos class-rdma
pause no-drop
class type network-qos class-default
multicast-optimize
system qos
service-policy type network-qos rdma-network-policy
nterface Ethernet1/13
service-policy type qos input rdma-policy
service-policy type queuing input rdma-queuing-policy
service-policy type queuing output rdma-queuing-policy
The end to end link is not working ? Any hints what could be wrong ?http://www.mozilla.com/en-US/firefox/4.0/system-requirements/
Mac
Operating Systems
* Mac OS X 10.5
* Mac OS X 10.6
Recommended Hardware
* Macintosh computer with an Intel x86 processor
* 512 MB of RAM
* 200 MB hard drive space
For older Macs that aren't supported in Firefox 4.0, try TenFourFox for PowerPC's running Mac 10.4.11 & 10.5.8 . <br />
http://www.floodgap.com/software/tenfourfox/
Or revert to Firefox 3.6.16, which is available here: <br />
http://www.mozilla.com/en-US/firefox/all-older.html -
CRM 5.0 Incoming Email - Creation of a Service Ticket
Hi Gurus
For an incoming email I've managed to configure ERMS to create a Service Ticket.
A number of values are however not correct or missing entirely.
Is it possible to correctly populate the Multi-Level Categorization for the Service Ticket and if so how.
Many Thanks in advance
Regards
PandurangaHello Panduranga,
We've implemented a requisite very similiar to yours in version 4. We've created a new class, to a new ERMS service, to be added in our ERMS profile manager.
The way we filled the service ticket categorization was by doing the following:
Each node at category modeler must be associated to a subject code (combination of technical fields katalogartcodegruppecode). So, all you have to do when you're creating a new service ticket is to indicate your subject code to CRM_ORDER_MAINTAIN importing parameter: it_service_os.
Something like this:
ls_subject-ref_handle = gv_handle.
ls_subject-katalogart = iv_katalogart. "KATALOGART
ls_subject-codegruppe = iv_codegruppe. "CODEGRUPPE
ls_subject-code = iv_code. "CODE
ls_subject-mode = 'A'.
APPEND ls_subject TO lt_subject.
ls_osset-ref_handle = gv_handle + 1.
ls_osset-subject = lt_subject.
ls_osset-subject_profile = lv_service_h-subject_profile. "YOUR SUBJECT PROFILE - TO GET IT USE FM CRM_ORDER_SERVICE_H_SELECT_CB
ls_osset-profile_type = 'A'.
APPEND ls_osset TO ls_service_os-osset.
ls_service_os-ref_handle = gv_handle.
ls_service_os-ref_kind = 'A'.
APPEND ls_service_os TO gt_service_os.
ls_input_field-ref_handle = gv_handle.
ls_input_field-ref_kind = gc_object_kind-orderadm_h.
ls_input_field-objectname = gc_object_name-service_os.
ls_input_field_names-fieldname = 'CODE'.
INSERT ls_input_field_names INTO TABLE ls_input_field-field_names.
ls_input_field_names-fieldname = 'CODEGRUPPE'.
INSERT ls_input_field_names INTO TABLE ls_input_field-field_names.
ls_input_field_names-fieldname = 'KATALOGART'.
INSERT ls_input_field_names INTO TABLE ls_input_field-field_names.
INSERT ls_input_field INTO TABLE gt_input_fields.
Then all you have to do is to use internal table gt_service_os as it_service_os at CRM_ORDER_MAINTAIN.
Hope that this helps. If not, just write back and If I can, I'll help you
Kind regards and good luck.
Bruno
Edited by: Bruno Garcia on Aug 21, 2008 3:20 PM
Maybe you are looking for
-
What am I going to need to set meta data
Hey folks. My endless quest to complete a program I have been writing for ages has at the moment brought me to this problem... I am using lucene to search through a pile of text documents. Its great. Problem is I also have piles of images... :-( thes
-
Hide Drill down button in CR 8.8 when Print out
Hi everyone! I design template by Crystal report for SAP 8.8 and use drill down function for this template. It work fine, but when i print out on papar, i don't want to print this button. How can i do this! Thanks!
-
How can i configure Internal Challan-J1INCHLN?
Hi, In Withholding Tax-for internal challan-J1INCHLN, what configuration do i need to do? Kindly help me. Thanks KB
-
Function Module to find number of days
Hi, In my program I need to calculate the number of working days, ie days excluding Saturday and Sunday s Also excluding the holidays if any. Could you please suggest me a way to find the same. A code snippet would be very appreciating
-
Quick Slideshow not working in Library Module
Quick Slideshow <Ctrl + Enter> does not run in Library Mode? The Module tips in the Slideroom module state that it does,but I can not get it to run. I use this all the time as a first step to edit. Windows Vista 32 bit. Thanks