Forum Discussion
Kevin_Stewart
Aug 21, 2015Employee
If you have the ability to capture Kerberos traffic between the client and KDC, look at the TGS_REQ being sent by the client. Your APMs are probably set up to authenticate (have a keytab) for mysite.mydomain.com, but you find that your clients are requesting tickets for mysite.gtm.mydomain.com. In any case, you'll need to add that as an SPN to the same account and then create a multi-SPN keytab.