I have a CR2008 V1 System, now with SP3 installed, running on a Windows Server 2008 x32 SP2 System. I can log on using Enterprise Authentication, but cannot get any users account to log in using Windows AD Authentication. The CMC shows that the AD Module is Updating, and minor changes in a Test User(change of OU) is reflected in the Alias shown, but the system will not recognise the AD login.

A strange thing is that when I went through Tim Ziemba's excellent White Paper and followed the steps, I got to run kinit (Username) and found that the system was looking for a c:\WINNT folder to find krb5.ini and bslogin.conf. Since this folder does not exist in Windows Server 2008, I even created it and copied these files in, but when I enter kinit (Username), I now get a password prompt, but on entering the password, I get the following:

C:\Program Files\Business Objects\javasdk\bin>kinit (Username here) --- Actual Value replaced

Password for(Username)@DOMAIN.COM.AU:(Password here) ---Actual Value replaced

Exception: krb_error 24 Pre-authentication information was invalid (24) Pre-auth

entication information was invalid

KrbException: Pre-authentication information was invalid (24)

at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)

at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:486)

at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:444)

at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:310)

at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:259)

at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:106)

Caused by: KrbException: Identifier doesn't match expected value (906)

at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)

at sun.security.krb5.internal.ASRep.init(ASRep.java:58)

at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)

at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)

... 5 more

Since contacting SAP Support is like waiting for the next Comet to arrive, I wonder if anyone here has any helpful ideas?