GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

Marcus_Fuchs · November 25, 2021, 10:18am

What product/components do you use and which version/fix level?

MWS_10.3_Fix20

Are you using a free trial or a product with a customer license?

Fully licensed.

What are trying to achieve? Please describe in detail.

Kerberos authentication with MwS

Do you get any error messages? Please provide a full error message screenshot and log file.

2021-11-24 11:23:14 CET (SpnegoFilterWrapper:INFO) [qtp1476620629-362] - Error while processing Kerberos token GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

Steps to reproduce:

Install MwS.
Install fixes available on 6th October 2021.
Set up HTTPS (TLS).
Set up Kerberos configuration (jaas.config, keytab file, Admin UI → Kerberos Authentication Administration).

Steps tried to resolve the error:

All steps from this answer except step no. 2 since I have not created the keytab file myself.
The keytab file supports the following encryption type:

ITDC # klist -k /path/to/file.keytab -K -e
Keytab name: FILE:/path/to/file.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HTTP/hostname@DOMAIN (arcfour-hmac)  (0x123456789)

So my question is:

Where can I find the respective Kerberos settings (defining the allowed encryption types) of MwS?

Marcus_Fuchs · December 13, 2021, 10:10am

While my question is still open, I’ve managed to work around this issue by setting up a new installation from scratch.

system · March 13, 2022, 10:11am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.