SSPI/GSS-API : mech_dh: Invalid or unknown error
Jeffrey Altman
jaltman2 at nyc.rr.com
Thu Apr 7 16:37:13 EDT 2005
Jacques Lebastard wrote:
>
> Hi folks,
>
> I wrote a SSPI Client / GSS-API Server application that works fine in a
> tree of ActiveDirectory domains / Solaris realm environment where the
> KDC are the AD domain controlers.
>
> Server application is located in mytree.dom and users in child.mytree.dom.
>
> However, I sometimes get an error for some users. These users can
> establish a context from W2K workstations but cannot from WinXP
> workstations (both workstations are located in child.mytree.dom).
>
> The Solaris GSS-API server shows the following error message for
> connections established on WinXP ws:
>
> MAJOR(gss_accept_sec_context) : Unspecified GSS failure. Minor code may
> provide more information
> MINOR(gss_accept_sec_context) : mech_dh: Invalid or unknown error
>
>
> What does 'mech_dh' mean ? Diffie-Hellman mechanism ???
>
> What differences between Kerberos SSP W2K SP4 and WinXP SP 1 ?
>
>
> Thanks for any hint,
> --
> Jacques
I suggest you obtain a network trace for the exchange.
Jeffrey Altman
--
-----------------
This e-mail account is not read on a regular basis.
Please send private responses to jaltman at mit dot edu
More information about the Kerberos
mailing list