Microsoft changed the behavior of Windows with regards to the use of key version numbers in 2003. You will need to re-export the service principal keys.
Jeffrey Altman Larry Cashdollar wrote:
Hello all,So for two or three years now I have managed an AFS Cell that authenticates to windows 2000 AD server.The AD servers were recently converted to windows 2003 and now I can no longer authenticate to my cell. Authenticating to cell vapid-labs.com <http://vapid-labs.com> (server afs-camdb1.vapid-labs.com <http://afs-camdb1.vapid-labs.com>). We've deduced that we need to authenticate to realm VAPID-LABS.COM <http://VAPID-LABS.COM>. Getting tickets: afs/[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>Kerberos error code returned by get_cred: -1765328154 aklog: Couldn't get vapid-labs.com <http://vapid-labs.com> AFS tickets:aklog: Key version number for principal in key table is incorrect while gettingAFS ticketsOn my other client I get the same error code, but it is mapped to a different message.Which one is the correct message? [EMAIL PROTECTED]:~$ aklog -dAuthenticating to cell vapid-labs.com <http://vapid-labs.com> (server afs-camdb1.vapid-labs.com <http://afs-camdb1.vapid-labs.com>). We've deduced that we need to authenticate to realm vapid-labs.com <http://vapid-labs.com>. Getting tickets: afs/[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>Kerberos error code returned by get_cred: -1765328154 aklog: Couldn't get vapid-labs.com <http://vapid-labs.com> AFS tickets: aklog: New password cannot be zero length while getting AFS ticketsI use a seperate kerberos server running krb524 on port 4444 to convert tickets.Any help will be appreciated.
smime.p7s
Description: S/MIME Cryptographic Signature
