Authentication stopped working and vas_status reports the error "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN (-1765328378) Client not found in Kerberos database."
Rejoining the system allows authentication to start working again, but then the error returns.
A Domain Controller (DC) was having problems with Active Directory replication, so the computer object for the Unix machine was not replicated to that DC. When QAS tried to talk to that DC using the host/ (computer object), it could not, because the computer object was not there.
WORKAROUND:
Add the DCs that are working correctly to vas.conf. This restricts QAS to talking only to the DCs specified.
vastool configure extra-realm {domain name} {server fqdn} [{server fqdn} {server fqdn} ..]
While joining the machine to the domain, make sure that all the servers are specified (in order of preference).
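To decide which DCs belong in that list, the following added example (not One Identity code) asks each candidate DC for a ticket for the host principal and prints the extra-realm command for the DCs that answer. It assumes MIT Kerberos `kinit` is installed and that the host keytab is at `/etc/opt/quest/vas/host.keytab`; the function names and the script name `probe.sh` are hypothetical.

```shell
# Added example, not vendor code. Assumes MIT kinit and the keytab path below
# (override with KEYTAB=...). All function names here are hypothetical.
KEYTAB=${KEYTAB:-/etc/opt/quest/vas/host.keytab}

# Write a minimal krb5.conf that pins the realm to one KDC (no DNS discovery).
write_krb5_conf() {  # args: domain kdc outfile
    realm=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    cat > "$3" <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_kdc = false
[realms]
    $realm = {
        kdc = $2
    }
EOF
}

# Map a kinit result to: ok | missing (principal unknown on that DC) | error.
classify() {  # args: kinit_exit_status kinit_output
    if [ "$1" -eq 0 ]; then echo ok
    elif printf '%s' "$2" | grep -qi 'not found in Kerberos database'; then echo missing
    else echo error
    fi
}

# Request a TGT for the host principal from one specific DC.
probe_dc() {  # args: domain principal dc
    conf=$(mktemp); cc=$(mktemp)
    write_krb5_conf "$1" "$3" "$conf"
    out=$(KRB5_CONFIG=$conf KRB5CCNAME=FILE:$cc kinit -k -t "$KEYTAB" "$2" 2>&1)
    classify $? "$out"
    rm -f "$conf" "$cc"
}

# Build the article's workaround command from the DCs that should be used.
build_cmd() {  # args: domain dc...
    domain=$1; shift
    [ $# -gt 0 ] || return 1
    echo "vastool configure extra-realm $domain $*"
}

# Usage: sh probe.sh DOMAIN host/FQDN@REALM dc1 [dc2 ...]
if [ $# -ge 3 ]; then
    domain=$1; princ=$2; shift 2; good=
    for dc in "$@"; do
        r=$(probe_dc "$domain" "$princ" "$dc"); echo "$dc: $r" >&2
        if [ "$r" = ok ]; then good="$good $dc"; fi
    done
    build_cmd "$domain" $good
fi
```

A DC reported as `missing` is one that has not received the computer object; `error` covers everything else (unreachable KDC, bad keytab) and needs separate investigation.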