Random failure while communicating with KDC

Wilper, Ross A rwilper at stanford.edu
Fri Feb 28 10:44:39 EST 2014


Another avenue that you may want to look into is checking that the Active Directory domain controller has a real, routable IPv6 address and that you have disabled transition technologies (ISATAP, 6to4, Toredo, etc.) There are lots of headaches that can occur when AD thinks it is on a working IPv6 network and it really isn't.

-Ross

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of sowmya
Sent: Thursday, February 27, 2014 4:10 PM
To: kerberos at mit.edu
Subject: Re: Random failure while communicating with KDC

Russ,

Thanks much for your quick response.

I am trying to do a "net ads join " to an Active Directory server on a
Windows 2008 R2 server.  I have been able to join the same Active Directory
server with the same administrator account and password but to its IPv4
address.  This problem only occurs if communication is to the Active
Directory server's IPv6 address.  I have set up all the reverse dns and
service records.  I am able to do a dig srv "_ldap._tcp.<domainname>" as
well as all other _kerberos, _gc etc. records.  But I kept getting "Cannot
contact any KDC for requested realm" and started digging into the problem a
bit.

I turned on all the dprint messages in krb5 library and found the error.  

What can I do to get around this problem?  I am at a loss now as to whether
the problem is on the Windows server side or the client. Please let me know.

Thanks again for your response,
Sowmya.



--
View this message in context: http://kerberos.996246.n3.nabble.com/Random-failure-while-communicating-with-KDC-tp39717p39736.html
Sent from the Kerberos - General mailing list archive at Nabble.com.
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos



More information about the Kerberos mailing list