For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Steve_Janetzke_'s avatar
Steve_Janetzke_
Icon for Nimbostratus rankNimbostratus
Nov 02, 2015

"Kerberos: can't get S4U2Self ticket for user test.user@TEST.DOMAIN.COM - Server not found in Kerberos database (-1765328377)"

I am having a problem - I think I have everything configured right - it gets the TGT ticket without a problem so I know the clock and all the other Kerberos settings are correct. Anyone seen anything...
Steve_Janetzke_'s avatar
Steve_Janetzke_
Icon for Nimbostratus rankNimbostratus
Nov 03, 2015

We were able to figure it out. We had to add the "host/apmkerb.svc" as an SPN for apmkerb.svc even though it got a TGT for host/apmkerb.svc@TEST.DOMAIN.COM when it tried to fetch the S4U ticket it first sent a TGS to the domain with that Sname. A packet capture on the DC revealed it and it is now fetching the S4U ticket correctly.

 

RecontuerSG_258's avatar
RecontuerSG_258
Historic F5 Account
Dec 19, 2016

Thank you for responding, Kees. Is the Kerberos database same as Active Directory database? Is a keytab file required? The Kerberos-F5 guide I am reading did not mention about keytab file and I am using 12.1.1 version of LTM. "davis" is part of Active Directory..