Siteminder : Keytab contains no suitable keys for HTTP/http_host_fqdn@exampledomain
search cancel

Siteminder : Keytab contains no suitable keys for HTTP/http_host_fqdn@exampledomain

book

Article ID: 412148

calendar_today

Updated On:

Products

CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER

Issue/Introduction

Kerberos Authentication failure with the below error in the watrace logs:

[08/30/2025][18:44:40][13052][18684][SmKCC.cpp:111][SmKcc::getCredentials][00000000000000000000000001000000-32fc-68b2d618-48fc-01740029][*X.X.X.3][][agent][/portal][][Kerberos Credential Cache login failed with service principal HTTP/http_host_fqdn@exampledomain: Keytab contains no suitable keys for HTTP/http_host_fqdn@exampledomain]

Environment

PolicyServer: 12.8 SP8 CR01

WebAgent: 12.52 SP1 CR11

WebServer: Apache 2.4

WebServer OS: Windows 2019

Cause

Mismatch of the HTTP Service Principal name.

 

Resolution

 

- List the keytab entries using the command below.

>klist -e -k -t C:\kerberos-ag.keytab

- Copy the Service Principal name from the output as highlighted. (masked due to protect sensitive data)

- Modify the ACO.

- Update the Service Principal name in the ACO from the above klist output.

 

- Save and submit the changes.

- Restart the WebAgent.

Powered by Wolken Software