How to troubleshoot KRB5_KDC_UNREACH (-1765328228): Cannot contact any KDC for requested realm?
/opt/quest/bin/vastool flush
Stopping vasd: [ OK ]
Could not load caches- Authentication failed, error = VAS_ERR_NOT_FOUND: Not found
Caused by:
VAS_ERR_KRB5: Failed to obtain credentials. Keytab: , Client::machine-name$@EXAMPLE.COM, Service: krbtgt/SSOCORP.EXAMPLE.COM@EXAMPLE.COM, Server: dc01.example.com
Caused by:
KRB5_KDC_UNREACH (-1765328228): Cannot contact any KDC for requested realm
It appears that the computer object has not yet replicated to the Global Catalog.
vasd will stay in disconnected mode until this replication takes place.
You do not need to rejoin this computer.
QAS cannot talk to the domain controller that it was previously reaching.
The following commands help determine whether QAS can communicate with a domain controller, and with which one:
1 - /opt/quest/bin/vastool info domain
This will display the domain name to put into step 2.
2 - a ) /opt/quest/bin/vastool info cldap <domain>
The cldap option sends a CLDAP ping (port 389 UDP) to the specified server and returns the information in the response. This command can be used with a domain name if that name resolves to the IP of a Domain Controller.
and
b ) /opt/quest/bin/vastool info cldap <domain-controller-name>
Here is the output of the commands from my lab:
-bash-3.00# vastool info cldap i.ts.hal.ca.qsft
Server IP: 10.5.83.46
Server Forest: i.ts.hal.ca.qsft
Server Domain: i.ts.hal.ca.qsft
Server Hostname: idss01.i.ts.hal.ca.qsft
Server Netbios Domain: I
Server Netbios Hostname: IDSS01
Server Site: Default-First-Site-Name
Client Site: Default-First-Site-Name
Flags: GC LDAP DS KDC CLOSE_SITE WRITABLE
Query Response Time: 0.0137 seconds
-bash-3.00# vastool info cldap idss01.i.ts.hal.ca.qsft
Server IP: 10.5.83.46
Server Forest: i.ts.hal.ca.qsft
Server Domain: i.ts.hal.ca.qsft
Server Hostname: idss01.i.ts.hal.ca.qsft
Server Netbios Domain: I
Server Netbios Hostname: IDSS01
Server Site: Default-First-Site-Name
Client Site: Default-First-Site-Name
Flags: GC LDAP DS KDC TIMESERV CLOSE_SITE WRITABLE
Query Response Time: 0.0111 seconds
3 - Run the following command as a health check of QAS: /opt/quest/bin/vastool status
Query our Knowledge Base for any errors or messages from the status command for more information.
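The check in step 2 can be scripted. The following is an added example, not One Identity code: it reads `vastool info cldap` output on stdin and reports whether the responding server advertises the KDC flag and is in the client's site. The function name, return codes and the "Branch-Site" value are assumptions of this example; the sample input is taken from the lab output above.

```shell
#!/bin/sh
# Added example (not Quest/One Identity code): triage `vastool info cldap` output.
# check_cldap reads that output on stdin. Return codes are this example's own:
#   0 = KDC flag advertised and server is in the same site as the client
#   1 = no "Flags:" line parsed (no CLDAP response)
#   2 = server answered but does not advertise the KDC flag
#   3 = KDC advertised, but server site differs from client site (informational)
check_cldap() {
    awk -F': ' '
        /^Server Hostname:/ { host = $2 }
        /^Server Site:/     { ssite = $2 }
        /^Client Site:/     { csite = $2 }
        /^Flags:/           { flags = " " $2 " "; seen = 1 }
        END {
            if (!seen) { print "no CLDAP response parsed"; exit 1 }
            if (index(flags, " KDC ") == 0) {
                print host ": answers CLDAP but does not advertise KDC"; exit 2
            }
            if (ssite != csite) {
                print host ": KDC is in site " ssite ", client site is " csite; exit 3
            }
            print host ": KDC advertised in client site " csite
        }'
}

# Sample input: fields from the lab output shown on this page.
sample_lab() {
cat <<'EOF'
Server Hostname: idss01.i.ts.hal.ca.qsft
Server Site: Default-First-Site-Name
Client Site: Default-First-Site-Name
Flags: GC LDAP DS KDC TIMESERV CLOSE_SITE WRITABLE
EOF
}

# Constructed variants: KDC flag removed, and a made-up server site "Branch-Site".
sample_no_kdc() { sample_lab | sed 's/ KDC / /'; }
sample_other_site() { sample_lab | sed 's/^Server Site: .*/Server Site: Branch-Site/'; }

sample_lab | check_cldap
sample_no_kdc | check_cldap || echo "exit code $?"
```

On a joined host, pipe the real command into the function: `/opt/quest/bin/vastool info cldap <domain-controller-name> | check_cldap`.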