Skip to Content
author's profile photo Former Member
Former Member

krb_error 0 Cannot get kdc for realm DOMAIN.com | Kerberos Windows AD Error

Hi dear community,

I try to install Windows AD authentication for SAP BusinessObjects XI 4.0 SP02 patch 14 (version 641), installed on Windows Server 2008 R2 Standard Service Pack 1 (serveurBO), and an Apache Tomcat 6.0.24.

I've also an other serveur for my Domain Control AD (serveurAD)

At the step where I've to execute in my serveurBO --> C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\jdk\bin>kinit my_service in the command prompt, after I enter my password, I've the error :

Password for my_service@DOMAIN.com:

Exception: krb_error 0 Cannot get kdc for realm DOMAIN.com No error

Krb Exception: Cannot get kdc for realm DOMAIN.com

at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:133)

at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:106)

at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kini.java:298)

at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:237)

at sun.security.krb5.internal.tools.Kinit.main(Kini.java:107)

I've searched solutions on the SCN and the Net, soI try to change encryption parameter, DOMAIN.com, DOMAIN.COM, domain.com...., in my C:\WindowsKrb5.ini files, always the same error...

Here is my Krb5.ini files:

[libdefaults]

default_realm = DOMAIN.com

dns_lookup_kdc = true

dns_lookup_realm = true

udp_preference_limit = 1

default_tgs_enctypes = DES-CBC-MD5

default_tkt_enctypes = DES-CBC-MD5

[realms]

DOMAIN.com {

kdc = serveurAD.DOMAIN.com

default_domain = DOMAIN.com

}

Advices ? solutions ? Ideas ?

I take all !

Regard.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Apr 24, 2012 at 08:24 PM

    I had this problem too. I ran the set command logged into the server as a domain user and looked for the value after "LOGONSERVER=\\" Once I matched it this error went away for me. Here is my working example. The names were changed to protect the innocent.

    [libdefaults]

    default_realm = DOMAIN.COM

    dns_lookup_kdc = true

    dns_lookup_realm = true

    default_tgs_enctypes = rc4-hmac

    default_tkt_enctypes = rc4-hmac

    udp_preference_limit = 1

    [realms]

    DOMAIN.COM = {

    kdc = LOGONSERVER.DOMAIN.COM

    default_domain = DOMAIN.COM

    }


    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.