Users are not able to access the Enforce console using their domain credentials
search cancel

Users are not able to access the Enforce console using their domain credentials

book

Article ID: 274538

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Enforce

Issue/Introduction

Enforce users are unable to log in using the domain credentials

Environment

Release : 16.0

Cause

The logs show the following:

C:\AdoptOpenJRE\jdk8u322-b06-jre\bin>kinit <user name>@example.example.com

Password for <user name>@example.example.com:

Exception: krb_error 41 Message stream modified (41) Message stream modified

KrbException: Message stream modified (41)

        at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:55)

        at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:159)

        at sun.security.krb5.KrbAsRep.decryptUsingPassword(KrbAsRep.java:139)

        at sun.security.krb5.KrbAsReqBuilder.resolve(KrbAsReqBuilder.java:312)

        at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:498)

        at sun.security.krb5.internal.tools.Kinit.acquire(Kinit.java:248)

        at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:134)

        at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:96)

 

C:\AdoptOpenJRE\jdk8u322-b06-jre\bin>

Resolution

The kinit is expecting the krb5.ini in specific Windows directories, for example:

C:\winnt

Add the following switches to specify the location of the DLP krb5.ini, use your file path. 

kinit.exe -J-Dsun.security.krb5.debug=true -J-D"java.security.krb5.conf=C:\Program Files\Symantec\DataLossPrevention\EnforceServer\16.0\Protect\config\krb5.ini" <user name>@example.example.com.