InitializeSecurityContext () throws SEC_E_WRONG_PRINCIPLE.

henin henin at newsgroup.nospam
Thu Mar 16 04:16:18 EST 2006

Hello All,
We are facing very strange issues on some of our installations.
InitializeSecurityContext () throws SEC_E_WRONG_PRINCIPLE error.

Setup consists of a client and a server, server is running as a
service (LocalSystem)
Both client and server are running on the same machine.

The setup is as below
1)Platform : Windows 2000 with sp4.
2)Server is running as a service with log-on user as LocalSystem.
3)Kerberos is used for authenticating the client with the server.

In non-working case on both sides( client and server ) we are getting
SEC_I_CONTINUE_NEEDED during the 3rd leg phase of authetication
and later on the client side( InitializeSecurityContext() ) we get

I have verified that the targetname that is being passed to
InitializeSecurityContext() is domain\hostname.One more point here is
the hostname is not a fqdn.

I have verified that ping hostname and later ping -a ipaddress
gives me the fqdn of the machine on which both the client/server
are running.

The same installation on a different machine ( Say m/c B) works fine.
We get SEC_E_OK on the first call to AcceptSecurityContext().
Both these machines are in the same domain and have same os configuration.

Running "Setspn -l (hostname)" gives the following output:

C:\Program Files\Resource Kit>Setspn.exe -l COMPUTERNAME
Registered ServicePrincipalNames for CN=COMPUTERNAME

Any pointers here.


More information about the Kerberos mailing list