
Kerberos authentication fails against ProxySG with error: "wrong Kerberos service principal"


Article ID: 170570




ProxySG Software - SGOS


Kerberos authentication does not work when going through the ProxySG.

In the Policy_Trace on the ProxySG:

EXCEPTION(configuration_error): Authentication failed because of a configuration problem
Last Error: Either the realm has been configured to use the wrong Kerberos service principal, or the SG has the wrong password for the principal


In the user's browser:


The HTTP Service Principal Name (SPN) of the ProxySG is missing in the Key Distribution Center (KDC).


Connect to your Active Directory Server (which is your KDC) and update the SPN registry of the ProxySG:

  • List all the SPNs of the ProxySG and confirm that the HTTP SPN is missing

setspn -l <insert your proxysg name>

  • Add the new SPN for HTTP

setspn -s http/<insert your proxysg name with FQDN> <insert your proxysg name>

  • Verify that the new HTTP SPN is listed for the ProxySG

setspn -l <insert your proxysg name>
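
The three steps above combined into one PowerShell script that adds the HTTP SPN only when it is missing and then verifies it. This is an added example, not part of the original article; the account name, the FQDN and the function names are constructed placeholders, and it assumes setspn returns a non-zero exit code on failure.

```powershell
# Added example. Replace both placeholder values with your own.
$ProxyAccount = 'PROXYSG01'               # constructed: ProxySG account name in AD
$ProxyFqdn    = 'proxysg01.example.com'   # constructed: FQDN of the ProxySG
$WantedSpn    = "http/$ProxyFqdn"

function Get-RegisteredSpn {
    param([Parameter(Mandatory)][string]$Account)
    # "setspn -l" prints a header line, then one indented SPN per line.
    $out = & setspn.exe -l $Account 2>&1 | ForEach-Object { "$_" }
    if ($LASTEXITCODE -ne 0) {
        throw "setspn -l failed for '$Account': $($out -join ' ')"
    }
    # Keep only the indented service/host lines and drop the header.
    $out | Where-Object { $_ -match '^\s+\S+/\S+' } | ForEach-Object { $_.Trim() }
}

function Test-SpnPresent {
    param([string[]]$Spns, [Parameter(Mandatory)][string]$Spn)
    # -contains is case-insensitive, which matches how SPNs are compared.
    return [bool]($Spns -contains $Spn)
}

# Step 1: list the SPNs and check whether the HTTP SPN is missing.
$before = @(Get-RegisteredSpn -Account $ProxyAccount)
if (Test-SpnPresent -Spns $before -Spn $WantedSpn) {
    Write-Output "$WantedSpn is already registered on $ProxyAccount; nothing to add."
}
else {
    # Step 2: add the SPN. "-s" checks the directory for duplicates first and
    # refuses if another account already holds the SPN. A duplicate SPN would
    # itself break Kerberos, so treat a refusal as something to investigate.
    $result = & setspn.exe -s $WantedSpn $ProxyAccount 2>&1 | ForEach-Object { "$_" }
    if ($LASTEXITCODE -ne 0) {
        throw "setspn -s did not add ${WantedSpn}: $($result -join ' ')"
    }

    # Step 3: list again and confirm the new SPN is present.
    $after = @(Get-RegisteredSpn -Account $ProxyAccount)
    if (-not (Test-SpnPresent -Spns $after -Spn $WantedSpn)) {
        throw "$WantedSpn is still not listed for $ProxyAccount after setspn -s."
    }
    Write-Output "$WantedSpn is now registered on $ProxyAccount."
}
```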