Create new user in Web Console results in error: Do Not Require Kerbos Authentication is invalid

  • 7021241
  • 24-Aug-2017
  • 07-Sep-2017


NetIQ Directory and Resource Administrator 9.1.0
NetIQ Directory and Resource Administrator REST Services 9.1.0
NetIQ Directory and Resource Administrator Web Console 9.1.0


The DRA Web console allows DRA User's the ability to create a new user. As a part of the new user wizard, the ability exists to set certain AD properties. Within the web console. the new user wizard will incorrectly display an error indicating the Do Not Require Kerberos Authentication setting for the user is invalid


This requires an edit of two JSON files used by the Web Client, and one JSON file used by the REST Services. This edit must be done on every IIS Server and Rest Server.

  1. File #1 -- C:\inetpub\wwwroot\DRAClient\components\lib\ui-templates\user-property-pages.json
    • Line 237 -- Change FROM "dataField": "dontRequirePreauth"  TO "dataField": "dontRequireKerberosPreauth"
  2. File #2 -- C:\inetpub\wwwroot\DRAClient\locale\en-us\localized-templates.json
    • Line 3065 -- Change FROM "dontRequirePreauth": { TO "dontRequireKerberosPreauth": {
  3. File #3 -- C:\Program Files (x86)\NetIQ\DRA Extensions\DRARestConfiguration.json
    • This file is Local to ever Server hosting the NetIQ DRA REST Service
    • Line 1161 -- Change FROM "clientPropertyName": "dontRequirePreauth",TO "clientPropertyName": "dontRequireKerberosPreauth",

Additional Information

This issue only affects the product versions listed within the environment section.

NetIQ Recommends that you create a back up of all files, before making any changes. The file changes must be made on each IIS Sever hosting the DRAClient Website and each Windows OS hosting the NetIQ DRA Rest Service.