We are using Crystal Report Server 2008 (BOE 3.1) with Tomcat installed on Windows Server 2003. We have configured Windows authentication and Vintela SSO with Kerberos, and it works fine...for 1 domain.
We have multiple AD domains, all in the same forest. For the moment I have declared only 2 of them in the Krb5.ini file, but only the one where CRS is installed works fine (domain1.com). I have been able to import a user from the other domain (domain2.com) in the database (via CMC, and using the "UseFQDNForDirectoryServers" registry thing - ), but this user cannot connect to the Java Apps (CMC or Infoview...). This fails with following log:
>>> KrbKdcReq send: kdc=+kdc.domain2.com+ TCP:88, timeout=30000, number of retries =3, #bytes=2719 >>>DEBUG: TCPClient reading 2682 bytes >>> KrbKdcReq send: #bytes read=2682 >>> KrbKdcReq send: #bytes read=2682 >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> Credentials acquireServiceCreds: got tgt >>> Credentials acquireServiceCreds: continuing with main loop counter reset to 1 >>> Credentials acquireServiceCreds: main loop:  tempService=krbtgt/+domain1.com[AT]parentdomain.com+ default etypes for default_tgs_enctypes: 16 23 1 3. >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> Credentials acquireServiceCreds: no tgt; searching backwards >>> Credentials acquireServiceCreds: no tgt; cannot get creds KrbException: Fail to create credential. (63) - No service creds at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:279)
While trying the kinit command it succeeds with the message: "New ticket is stored in cache file ...".
Where could this come from..?