|
Home > Archive > IIS Server Security > January 2006 > Kerberos Error 4
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Michael Morisoli 2006-01-16, 6:04 pm |
| I am still trying to get all my spn's configured properly and seem to be
missing something.
The details of the event log are;
"The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/vieon-sql2k5-01.vieon.net. The target name used was
HTTP/VIEON-Sql2k5-01.vieon.net. This indicates that the password used to
encrypt the kerberos service ticket is different than that on the target
server. Commonly, this is due to identically named machine accounts in the
target realm (VIEON.NET), and the client realm. Please contact your system
administrator."
vieon-sps-01 hosts CRM and SPS.
vieon-sql2k5-01 hosts SQL 2005 and SSRS.
When a domain user connects to the SPS portal or CRM and then trys to run a
Reporting Services (SSRS) report they are prompted for a username /
password. This will never succeed even when entering a proper
username/password.
The SPS server records the Security Error #4 detailed above.
I have checked and can not find any duplicate machine names so I am at a
loss.
There is something I am still missing, any clues are welcome.
| |
| Ken Schaefer 2006-01-18, 2:50 am |
| Could I suggest that you tell us what steps you have already taken?
Are you running the services on the IIS box under the default (inbuilt
identities)? Or custom accounts?
What about on the target machine (the SQL Server DB)?
Cheers
Ken
"Michael Morisoli" <michael@removeme.vieon.net> wrote in message
news:%231jAOiqGGHA.2632@TK2MSFTNGP10.phx.gbl...
:I am still trying to get all my spn's configured properly and seem to be
: missing something.
:
: The details of the event log are;
: "The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
: host/vieon-sql2k5-01.vieon.net. The target name used was
: HTTP/VIEON-Sql2k5-01.vieon.net. This indicates that the password used to
: encrypt the kerberos service ticket is different than that on the target
: server. Commonly, this is due to identically named machine accounts in
the
: target realm (VIEON.NET), and the client realm. Please contact your
system
: administrator."
:
: vieon-sps-01 hosts CRM and SPS.
: vieon-sql2k5-01 hosts SQL 2005 and SSRS.
:
: When a domain user connects to the SPS portal or CRM and then trys to run
a
: Reporting Services (SSRS) report they are prompted for a username /
: password. This will never succeed even when entering a proper
: username/password.
:
: The SPS server records the Security Error #4 detailed above.
: I have checked and can not find any duplicate machine names so I am at a
: loss.
:
: There is something I am still missing, any clues are welcome.
:
:
:
|
|
|
|
|