Did your admins go to Windows Server 2008 (Standard, whatever) or to 2008 R2?
I'm trying to collect notes on getting the KDC to run on 2008 Standard (not R2) and having a very difficult time of it. Thanks. > -----Original Message----- > From: [email protected] [mailto:openafs-info- > [email protected]] On Behalf Of Thomas Smith > Sent: Sunday, April 17, 2011 9:35 PM > To: [email protected] > Subject: [OpenAFS] Unable to get tokens after replacing Win2k3 DC with > a Win2k8 DC > > Hi, > > Our AD admins replaced our local DC. We were working great when the DC > was Win2k3--since they replaced it with a Win2k8 DC, none of my > OpenAFS servers are able to supply tokens. (Not sure if this is > relevant... But the admin who did the upgrade had a number of issues > and was unable to promote the box to a RW DC, he was only able to > promote it to an RO DC.) > > I am able to acquire a kerberos ticket on every machine (clients > included). But when I run aklog from the file server: > > ----- AKLOG > aklog -d domain.local -k DOMAIN.LOCAL > Authenticating to cell domain.local (server server01.domain.local). > We were told to authenticate to realm DOMAIN.LOCAL. > Getting tickets: afs/[email protected] > Getting tickets: afs/[email protected] > Kerberos error code returned by get_cred : -1765328370 > aklog: Couldn't get domain.local AFS tickets: > aklog: unknown RPC error (-1765328370) while getting AFS tickets > ----- END AKLOG > > When I run it from a Mac client: > > ----- AKLOG > aklog -d domain.local -k DOMAIN.LOCAL > Authenticating to cell domain.local (server server01.domain.local). > We were told to authenticate to realm DOMAIN.LOCAL. > Getting tickets: afs/[email protected] > Getting tickets: afs/[email protected] > Kerberos error code returned by get_cred : -1765328353 > aklog: Couldn't get domain.local AFS tickets: > aklog: Decrypt integrity check failed while getting AFS tickets > ----- END AKLOG > > I'm not really sure where to go with this... Nothing has changed other > than our local DC. > > Everything I've found regarding errors like this points to a kerberos > problem, but I am able to get tickets just fine. > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
