kdc_err_s_principal_unknown ?

[g]

Can anyone help me? my applications erver all of a sudden is getting this
error in system event log.
Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 18:0:26.0000 1/2/2004 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: DOMAIN.CA
Server Name: krbtgt/DOMAIN.CA
Target Name: MSSQLSvc/fsrvsea1.domain.ca:[email protected]
Error Text:
File:
Line:
Error Data is in record data.

domain.ca=renamed real ad domain name.

Cant find anything on this? Anyone seen this before?

 

[IBTerry [MSFT]]

Looks like that error maps to "Server not found in Kerberos database".
Make sure you are running the latest service pack as there are a couple of
fixes for this error in service packs. Also since this seems to be a SQL
server make sure Kerberos is configured properly for it.

817384 HOWTO: Use Kerberos Authentication for Microsoft SQL Server 2000
http://support.microsoft.com/?id=817384

811889 HOW TO: Troubleshoot the "Cannot Generate SSPI Context" Error Message
http://support.microsoft.com/?id=811889

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

 

[g]

Looks like that error maps to "Server not found in Kerberos database".
Make sure you are running the latest service pack as there are a couple of
fixes for this error in service packs. Also since this seems to be a SQL
server make sure Kerberos is configured properly for it.

817384 HOWTO: Use Kerberos Authentication for Microsoft SQL Server 2000
http://support.microsoft.com/?id=817384

811889 HOW TO: Troubleshoot the "Cannot Generate SSPI Context" Error Message
http://support.microsoft.com/?id=811889

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi, thanks for the reply. I am running sql7.

Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 18:0:26.0000 1/2/2004 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: DOMAIN.CA
Server Name: krbtgt/DOMAIN.CA
Target Name: MSSQLSvc/fsrvsea1.domain.ca:[email protected]
Error Text:
File:
Line:
Error Data is in record data.

I have no client realm or name.
Nor is there any data.
Server name is krbtgt/domain/ca? does that mean it is looking for the
krbtgt server or service?
same with target name?

This error message doesnt seem to leave me enough information to
troubleshoot the problem.

I see no olap service running.

Thanks again.

 

[g]

Looks like that error maps to "Server not found in Kerberos database".
Make sure you are running the latest service pack as there are a couple of
fixes for this error in service packs. Also since this seems to be a SQL
server make sure Kerberos is configured properly for it.

817384 HOWTO: Use Kerberos Authentication for Microsoft SQL Server 2000
http://support.microsoft.com/?id=817384

811889 HOW TO: Troubleshoot the "Cannot Generate SSPI Context" Error Message
http://support.microsoft.com/?id=811889

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi, thanks for the reply. I am running sql7.

Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 18:0:26.0000 1/2/2004 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: DOMAIN.CA
Server Name: krbtgt/DOMAIN.CA
Target Name: MSSQLSvc/fsrvsea1.domain.ca:[email protected]
Error Text:
File:
Line:
Error Data is in record data.

I have no client realm or name.
Nor is there any data.
Server name is krbtgt/domain/ca? does that mean it is looking for the
krbtgt server or service?
same with target name?

This error message doesnt seem to leave me enough information to
troubleshoot the problem.

I see no olap service running.

Thanks again.

I also have the user krbtgt disabled.. i am certain no one disabled him on
their own?
would this have anything to do with it?

 

[g]

Looks like that error maps to "Server not found in Kerberos database".
Make sure you are running the latest service pack as there are a couple of
fixes for this error in service packs. Also since this seems to be a SQL
server make sure Kerberos is configured properly for it.

817384 HOWTO: Use Kerberos Authentication for Microsoft SQL Server 2000
http://support.microsoft.com/?id=817384

811889 HOW TO: Troubleshoot the "Cannot Generate SSPI Context" Error Message
http://support.microsoft.com/?id=811889

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi, thanks for the reply. I am running sql7.

Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 18:0:26.0000 1/2/2004 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: DOMAIN.CA
Server Name: krbtgt/DOMAIN.CA
Target Name: MSSQLSvc/fsrvsea1.domain.ca:[email protected]
Error Text:
File:
Line:
Error Data is in record data.

Bit more on this, I have a friend of a friend who has had the same problem
since patching his machines. His setup is:
standalone iis/asp server
ad domain

mine is
member iis/asp/database server
ad domain
nt4 domains that trust the ad domain

He said that the only way he could get it to work was creating the
IUSR_LOCALSERVERNAME
user in his domain as domain\IUSR_LOCALSERVERNAME
then the error messages went away.
Like me the server/asp pages worked as always, just getting a ton of
messages.

anyone else seen this?
thanks