Product: TIBCO Spotfire®
Unable to log on to a Windows Server domain after resetting the user account password by using the Ktpass.exe tool together with the -pass * parameter.
Description:
When setting up Kerberos in your Spotfire environment, you can use the ktpass.exe tool to create a keytab file. When using the Ktpass.exe tool together with the /pass * parameter, you are setting a new password. This will result in subsequent login failures when trying to login to a Windows domain using the user account specified when running the ktpass.exe tool.
Symptoms:
Unable to login to any computers in your domain using the user account specified when you ran the ktpass.exe tool.
Cause:
When you use the /pass * parameter in the Ktpass.exe tool, the Ktpass.exe tool appends the following extra characters to the password: \0a
You can use the KTPASS command with /pass PASSWORD instead and just replace PASSWORD with the password of your choosing.
Example:
ktpass /princ HTTP/<fully qualified hostname>[:<port>]@<realm> /ptype krb5_nt_principal /crypto rc4-hmac-nt /mapuser <service account name> /out spotfire.keytab -kvno 0 /pass PASSWORD
Hotfix available for Windows Server 2003 only.
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=939980&kbln=en-us
http://social.technet.microsoft.com/Forums/windowsserver/en-US/dbf2028b-139a-484d-9067-39dd694f2a4b/can-not-logon-account-after-using-ktpass-to-map-a-spn-to-it?forum=winserverDS
Comments
0 comments
Article is closed for comments.