search cancel

Web Agent :: Kerberos : Handling the error "Server not found in Kerberos database"


Article ID: 75014


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


I'm running a Web Agent for Kerberos, and when I request the kerberos
request, the Web Agent cannot authenticate the user and throw the error

   Failed to create delegated GSSAPI token on behalf
   of HTTP/[email protected] for
   [email protected]: Minor Status=-1765328377,
   Major Status=851968, Message=Server not found in
   Kerberos database 

Why do I get this error ?


This applies to all CA Single Sign-On versions.


You get this error because the is not found in the
krb5.conf file on the Web Agent side.

Check in the krb5.conf for the domain equivalence configuration. You
get this error because you don't get the configured :

[domain_realm] = MYDOMAIN.COM = MYDOMAIN.COM

# you need also the following lines : = MYDOMAIN.COM = MYDOMAIN.COM

Obviously, make sure that both Web Agent and Policy Server has the
same krb5.conf configuration as per the "Policy Server Configuration
Guide 12.52 SP1"