InitializeSecurityContext() throws SEC_E_WRONG_PRINCIPAL.

henin henin at newsgroup.nospam
Thu Mar 16 04:16:18 EST 2006


Hello All,
We are facing very strange issues on some of our installations.
InitializeSecurityContext() throws the SEC_E_WRONG_PRINCIPAL error.

The setup consists of a client and a server; the server is running as a
service (LocalSystem).
Both client and server are running on the same machine.

The setup is as below:
1) Platform: Windows 2000 with SP4.
2) Server is running as a service with log-on user as LocalSystem.
3) Kerberos is used for authenticating the client with the server.

In the non-working case, on both sides (client and server) we are getting
SEC_I_CONTINUE_NEEDED during the 3rd leg phase of authentication,
and later on the client side (InitializeSecurityContext()) we get the
SEC_E_WRONG_PRINCIPAL error.

I have verified that the target name that is being passed to
InitializeSecurityContext() is domain\hostname. One more point here is
that the hostname is not an FQDN.

I have verified that ping hostname and later ping -a ipaddress
give me the FQDN of the machine on which both the client/server
are running.

The same installation on a different machine (say m/c B) works fine.
We get SEC_E_OK on the first call to AcceptSecurityContext().
Both these machines are in the same domain and have the same OS configuration.

Running "Setspn -l (hostname)" gives the following output:

C:\Program Files\Resource Kit>Setspn.exe -l COMPUTERNAME
Registered ServicePrincipalNames for CN=COMPUTERNAME,CN=Computers,DC=DOMAIN-NAME,DC=us,DC=ORG-NAME,DC=com:

Any pointers here?

Regards,
Henin.



