KRB5_REALM_UNKNOWN errors with GSS Negotiate on Vista

[David Rosenstrauch]

Never mind - problem solved.  Our internal DNS is apparently 
misconfigured.  The XP box had been updated to work around that by 
explicitly pointing to the correct DNS server for the domain; the Vista 
box (after the re-install) had not.

"Nothing to see here people; move along."  :-)

Thanks,

DR

David Rosenstrauch wrote:
> I'm experiencing "Cannot find KDC for requested realm" 
> (KRB5_REALM_UNKNOWN) errors when running our code on Windows Vista.  But 
> on XP the exact same executables work fine.  Very strange.  What's even 
> stranger is that this code used to work fine on the Vista box too until 
> we had to reinstall the OS.  Details as follows:
> 
> Our code uses libcurl for http requests.  We've built libcurl with 
> support for GSSAPI/SPNEGO, using the appropriate libraries, including 
> MIT Kerberos (i.e., gssapi32.dll, etc.).  All was working well - code 
> ran fine on both Vista and XP.
> 
> ... until about a week ago, when problems on the Vista box forced us to 
> reinstall the OS.  Now libcurl is tossing up "Cannot find KDC for 
> requested realm" messages from krb5 whenever we access an 
> SPNEGO-protected site.
> 
> I'm at a bit of a loss to understand what the error even is here.  IIUC, 
> KRB5_REALM_UNKNOWN errors mean that krb5 was not able to locate the KDC 
> via SRV DNS records.  But I don't understand how that could be the case. 
>   I've verified that the records are there.  Plus the XP box (which is 
> part of the same domain) obviously looks them up just fine.  So I'm 
> wondering what's unique about Vista - or perhaps this particular Vista 
> box - that would prevent krb5 from finding it?  (And similarly, what 
> might have changed on the Vista box since the OS re-install that broke 
> it?)  Google turned up a whole lot of nothing.
> 
> Help appreciated - I'm stumped!
> 
> TIA,
> 
> DR