-
Title
Authentication stopped working and vas_status reports error, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN -
Description
Authentication stopped working and vas_status reports error, "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (-1765328378) Client not found in Kerberos database."
Rejoining the system allows authentication to start working again, but then the error returns. -
Cause
A Domain Controller (DC) was having problems with Active Directory Replication. Therefore the computer object for the Unix machine was not replicated to the DC having problems. When QAS went to talk to the DC using the host/ ( computer object), it could not because the computer object was not there.
-
Resolution
WORKAROUND:
Add the DCs that are working correctly to vas.conf. This allows QAS to only talk to the DC specified.
vastool configure extra-realm {domain name} {server fqdn} [{server fqdn} {server fqdn} ..]
While joining the machine to the domain, make sure that all the servers are specified (in order of preference).