KDC_ERR_BADOPTION error on password sync for FIM server

Question
-
Hi Everyone,
I have an odd problem in our dev environment that I am trying to solve when syncing passwords from Forest 1 - Domain A to Forest 2 - Domain B (no trust). I get the following error when syncing a password from Forest 1 - Domain A to the FIM server (rollup 2) in this domain to an account in Forest 2 - Domain B. The specific error is:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 0:12:33.0000 3/12/2013 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: ACME.COM
Server Name: svc_FIMSyncrhoDEV@ACME.COM
Target Name: svc_FIMSyncrhoDEV@ACME.COM@ACME.COM
Error Text:
File: 9
Line: f09
Error Data is in record data.
The FIM server, which resides in Forest 1 - Domain A, can read and write to Forest 2 - Domain B via the AD MA without issue. The FIM server is clearly receiving password changes from PCNS and can successfully set passwords for a custom MA that uses a simple non-Kerberos LDAP bind. We have confirmed that the ports are open on these target machines. SPNs are set for the FIM sync account, since the password is clearly being delivered to the FIM server. The FIM server finds Forest 2 - Domain B via a hosts file on the local FIM server.
Basically, the FIM server in Forest 1 - Domain A works fine with Forest 2 - Domain B with the exception of this error. I am not a Kerberos person, so any thoughts on this would be greatly appreciated!
Tuesday, March 12, 2013 12:40 AM
Answers
-
It seems to be a Kerberos delegation issue.
If the source domain is where the FIM Sync server will be and you want to push the passwords from this AD to the other AD's, you will not need a trust.
The trust is only required if the Sync server is in a different forest.
http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/ac7bfda3-8410-43ef-b100-a4142a496d2d
KDC_ERR_BADOPTION when attempting constrained delegation
http://blogs.technet.com/b/tristank/archive/2013/02/06/1278995.aspx
In addition, see: How a Client Application Finds a Service (SPN)
Regards
Biswajit Biswas
My Blogs|TechnetWiki Ninja
Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
- Edited by bshwjt Tuesday, March 12, 2013 1:32 AM
- Marked as answer by Cicely Feng Tuesday, March 19, 2013 1:57 AM
Tuesday, March 12, 2013 1:29 AM
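A defender-side check of the sync account's delegation and SPN configuration, added here as an example and not part of this thread or the FIM product. The account and realm names are taken from the error text in the question; the ActiveDirectory PowerShell module (RSAT) and the setspn tool are assumed to be available.

```powershell
# Added diagnostic example (not from the thread). Assumes the ActiveDirectory
# module is loaded; account and realm names come from the error text above.
$SyncAccount = 'svc_FIMSyncrhoDEV'   # sync account named in the Kerberos error
$Domain      = 'ACME.COM'            # server realm from the Kerberos error

# 1. Pull the delegation-related attributes of the sync account.
$acct = Get-ADUser -Identity $SyncAccount -Server $Domain -Properties `
    servicePrincipalName, msDS-AllowedToDelegateTo, `
    TrustedForDelegation, TrustedToAuthForDelegation, AccountNotDelegated

[pscustomobject]@{
    Account                 = $acct.SamAccountName
    SPNs                    = ($acct.servicePrincipalName -join '; ')
    ConstrainedTargets      = ($acct.'msDS-AllowedToDelegateTo' -join '; ')
    UnconstrainedDelegation = $acct.TrustedForDelegation        # should be False
    ProtocolTransition      = $acct.TrustedToAuthForDelegation  # "use any auth protocol"
    SensitiveCannotDelegate = $acct.AccountNotDelegated
} | Format-List

# 2. KDC_ERR_BADOPTION during constrained delegation typically means the target
#    service's SPN is absent from msDS-AllowedToDelegateTo, or the SPN itself is
#    missing or registered on more than one account. Check for duplicates
#    across the forest.
setspn -X -F

# 3. Confirm each SPN on the account resolves to exactly this account.
foreach ($spn in $acct.servicePrincipalName) {
    setspn -Q $spn
}

# 4. An account flagged "sensitive and cannot be delegated" is refused
#    delegation regardless of the other settings.
if ($acct.AccountNotDelegated) {
    Write-Warning "$SyncAccount is marked sensitive; delegation will be refused."
}
```

Constrained delegation targets must be resolvable in the same forest, so with no trust between the two forests the list in msDS-AllowedToDelegateTo cannot name a service in Forest 2; that matches the reply's point that the sync server's own forest is what matters.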
All replies
-
-
Great, thanks for the help and we will take a look. If anyone else has run across this before please let me know what you have done to resolve it.
Tuesday, March 12, 2013 10:44 AM