Hallo, ich habe folgendes Problem, ein Kunde von uns hat eine Java-Anwendung die ein Keytab nutzt. Die Anwendung wird täglich neugestartet. Gestern funktionierte die Anwendung nicht mehr mit dem Fehler "Client not found in Kerberos database" Allerdings ist der SPN im Account gepflegt: [cid:image001.png@01CB23FE.E8C94140] Habt ihr das schonmal gehabt dass der DC den SPN nicht mehr findet obwohl er vorhanden ist? Anbei noch das log vom Aufruf des kinit: D:\Program Files\Java\jdk1.6.0_20\bin>kinit -k -t \ibi\WebFOCUS77\webapps\webfoc us\WEB-INF\XXX.keytab HTTP/webfocus-energy-prod02.XXX.XXX.com@REALMNAME -J-Dsun.security.krb5.debug=true >>>KinitOptions cache name is C:\Documents and Settings\e711a-behre03m\krb5cc_e7 11a-behre03m Principal is HTTP/webfocus-energy-prod02.XXX.XXX.com@REALMNAME >>> Kinit using keytab >>> Kinit keytab file name: \ibi\WebFOCUS77\webapps\webfocus\WEB-INF\DEFTHW99W4Y SRV.keytab >>> KeyTabInputStream, readName(): REALMNAME >>> KeyTabInputStream, readName(): HTTP >>> KeyTabInputStream, readName(): webfocus-energy-prod02.XXX.XXX.com >>> KeyTab: load() entry length: 96; type: 23 Added key: 23version: 13 Ordering keys wrt default_tkt_enctypes list Config name: C:\WINDOWS\krb5.ini Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 23 16 17. >>> Kinit realm name is REALMNAME >>> Creating KrbAsReq >>> KrbKdcReq local addresses for SERVER are: SERVER/IP IPv4 address SERVER/IP IPv4 address Using builtin default etypes for default_tkt_enctypes default etypes for default_tkt_enctypes: 3 1 23 16 17. >>> KrbAsReq calling createMessage >>> KrbAsReq in createMessage >>> Kinit: sending as_req to realm REALMNAME >>> KrbKdcReq send: kdc=DC FQDN UDP:88, timeout=30000, number of retries =3, #bytes=219 >>> KDCCommunication: kdc=DC FQDN UDP:88, timeout=30000 ,Attempt =1, #bytes=219 >>> KrbKdcReq send: #bytes read=106 >>> KrbKdcReq send: #bytes read=106 >>> reading response from kdc >>> KDCRep: init() encoding tag is 126 req type is 11 >>>KRBError: sTime is Thu Jul 15 08:30:11 CEST 2010 1279175411000 suSec is 788625 error code is 6 error Message is Client not found in Kerberos database realm is REALMNAME sname is krbtgt/ REALMNAME msgType is 30 Exception: krb_error 6 Client not found in Kerberos database (6) Client not foun d in Kerberos database KrbException: Client not found in Kerberos database (6) at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66) at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449) at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:306) at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:237) at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:107) Caused by: KrbException: Identifier doesn't match expected value (906) Gruß Lars