Blocks :
|
|
Blocks :
|
|
Blocks :
|
From network capture, customer saw AS-REP "KRB5KDC_ERR_PREAUTH_REQUIRED" and "KRBKDC_ERR_PREAUTH_FAILED" when allowtgtsessionkey = 0 for request krbtgt/DOMAIN to AD server. With kinit it seems to be working fine for the customer with latest logs we do not see KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ so the Additional pre-authentication issue is ruled out. we see a new message : KrbException: Message stream modified (41) and the exception is at at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:70)
|