none
No Key to Generate Kerberos Ticket RRS feed

  • Question

  • Hi All,

    SCOM has generated the following alert. I have replaced the actual service account name with "Account Name".

    No Key to Generate Kerberos Ticket

    While processing an AS request for target service krbtgt, the account "Account Name" did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 1). The requested etypes : 17. The accounts available etypes : 23  -133  -128  3  1. Changing or resetting the password of "Account Name" will generate a proper key.

    I have carried out some investigation, and I can see this is coming from a service account used for adding Linux HPC nodes to the AD domain.  Can someone explain why I am seeing this error generated by SCOM.  Inital investigation all points to DES, but this appears in a Microsoft Article for WIN7/2008R2 not supporting it, which is not our specific issue.

    Any help would be much appreciated

    Regards

    Lee

    Registered Technet professional subscription


    Regards PowerShell90

    Monday, July 30, 2012 1:29 PM

Answers

  • Hi,

    How about reset the HPC service account's password?

    Regards


    Yan Li

    TechNet Community Support

    • Marked as answer by PowerShell90 Tuesday, August 14, 2012 7:31 PM
    Tuesday, July 31, 2012 5:25 AM
    Moderator
  • Hi All,

    Sorry for the late reply, but I have been on holiday.  I have attempted to reset the password, but there still is an issue.  As this is really linux issue, I will mark this as complete.

    Thanks for everyone input.


    Regards PowerShell90

    • Marked as answer by PowerShell90 Tuesday, August 14, 2012 7:31 PM
    Tuesday, August 14, 2012 7:31 PM

All replies

  • Hello,

    have you seen http://support.microsoft.com/kb/977321


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Monday, July 30, 2012 1:44 PM
  • Hello Meinolf,

    Thanks for a very quick response.

    Yes, I read this article earlier today, but It states that it relates to win7/server 2008 R2.  I have issue with an HPC service account which is used on a Linux HPC cluster to register clusternodes in our AD domain.  Would you still see this article as relevant for Linux HPC?

    Regards

    Lee


    Regards PowerShell90

    Monday, July 30, 2012 1:51 PM
  • Hello Meinolf,

    Thanks for a very quick response.

    Yes, I read this article earlier today, but It states that it relates to win7/server 2008 R2.  I have issue with an HPC service account which is used on a Linux HPC cluster to register clusternodes in our AD domain.  Would you still see this article as relevant for Linux HPC?

    Regards

    Lee


    Regards PowerShell90

    To answer this part, you need to contact Linux vendor as they can suggest better for their product compatibility with windows 2008 & above. Folks here might not be having expertise to comment on the Linux part.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, July 30, 2012 2:16 PM
    Moderator
  • Hi,

    How about reset the HPC service account's password?

    Regards


    Yan Li

    TechNet Community Support

    • Marked as answer by PowerShell90 Tuesday, August 14, 2012 7:31 PM
    Tuesday, July 31, 2012 5:25 AM
    Moderator
  • Hi All,

    Sorry for the late reply, but I have been on holiday.  I have attempted to reset the password, but there still is an issue.  As this is really linux issue, I will mark this as complete.

    Thanks for everyone input.


    Regards PowerShell90

    • Marked as answer by PowerShell90 Tuesday, August 14, 2012 7:31 PM
    Tuesday, August 14, 2012 7:31 PM