Service Account Not recognised During MP Instal

Hi Flipa,

 

 

Thank you for your detailed feedback. The installation account privileges are the one we should be focusing on here and in particular the "Local System Administrator Privileges" for the account, considering the actual error that you're getting. If the account that you are trying to install with does NOT have local administrator privileges on the box, you'll be getting the error. Also, you'll be getting this error if any of the following conditions exists in your local / domain environment

 

 

1. The computer is not attached to a Windows 2003 or later domain.

 

2. The computer is not running Windows 2003 or later.

 

3. The user is not a member of the domain the computer is attached to.

 

 

1 above could also be true if your domain is configured to run in a Windows 2000 Server compatibility mode. Coming back to the actual function call failing suggested by the Powershell script I gave you, the error happens because of a restriction on using the Kerberos authentication handshake, in particular the KERB_S4U_LOGON structure. This is related to the fact that the Windows Server 2003 domain controllers accept a new type of Kerberos request, where the service requests a ticket from the client to itself, presenting its own credentials instead of the client's. This extension is called Service-for-User-to-Self (S4U2Self) and it has to do with the "Protocol Transition" and "Constraint Delegation" Kerberos Extensions.

 

 

I won't be going into any more details here and I'm also not a domain administration / Active Directory Services expert. What we've documented on our wiki concerning the credentials involved in installing and deploying the F5 Management Pack, all stays true and in most Active Directory and Windows 2003/2008 domain configurations should be all we need. Obviously, there is a local restriction/condition in your Active Directory / Domain environment that prohibits the Kerberos handshake for the particular account(s) involved.

 

 

Julian