Kerberos SSO for APM - Exchange 2016
Hello, I'm trying to configure Kerberos SSO for Outlook Anywhere (Exchange 2016), but I keep getting these errors:
debug websso.3[4647]: 014d0021:7: /Common/NTLM-EX2016:Common:8d962818: ctx:0x8e61f40 SPN = HTTP/mail.domain1.fr@subdomain.domaine2.FR
info websso.3[4647]: 014d0022:6: /Common/NTLM-EX2016:Common:8d962818: Kerberos: realm for user USERX is not set, using server's realm subdomain.domaine2.FR
debug websso.3[4647]: 014d0023:7: S4U ======> /Common/NTLM-EX2016:Common:8d962818: ctx: 0x8e61f40, user: USERX@subdomain.domaine2.FR, SPN: HTTP/mail.domain1.fr@subdomain.domain2.FR
err websso.3[4647]: 014d0005:3: Kerberos: can't get S4U2Proxy ticket for server HTTP/mail.domain1.fr@subdomain.domain2.FR - Requesting ticket can't get forwardable tickets (-1765328163)
Delegation account: host/d5delegation @subdomain.domain2.fr
Kerberos SSO Auth:
SPN is HTTP/mail.domain1.fr (the public hostname that clients connect to)
Also, on Delegation, I chose "Trust this user for delegation to specified services only" > "Use any authentication protocol", and I chose the SPN.
AD servers are on pre-production, on subdomain.domain2.fr.
This command (nslookup -type=SRV _kerberos._tcp.dc._msdcs.subdomain.domain2.fr) doesn't find a KDC because the F5 DNS is only resolving domain1.fr. But since the F5 is resolving the domain controllers of the preprod zone (the DC server I specified in the Kerberos SSO auth), is that OK?
This doesn't work either:
kinit -f HTTP/mail.domain1.fr@subdomain.domain2.FR
kinit: Cannot resolve servers for KDC in realm .......
Thanks for your help.