Kerberos SSO Clients Not Getting Ticket
I'm setting up a new Kerberos SSO site. I've copied the config from a working SSO site we already have setup. In the VPE we have the 401 with negotiate and then the Kerberos authentication. Everything looks in order, but we are failing Kerberos authentication. In the logs I get a message stating:
"GSS-API error gss_accept_sec_context: 70000 : No credentials were supplied, or the credentials were unavailable or inaccessible "
Also I've taken packet captures comparing the good and the new SSO. When connecting to the good SSO I see the client reach out and get a ticket, however with the new SSO I do not see any kerberos traffic captured. What could I be missing that is not triggering the client to go get a Kerberos ticket?
The other answer showed me the problem. In our testing, we were going directly to the virtual server IP instead of the FQDN. Since the IP didn't match what was in the UPN it was failing kerberos. As soon as we entered the FQDN as the URL everything worked fine.