Errors logging in with Kerberos after Security Prinicpal password modified

Document ID:7024086
Creation Date:23-Aug-2019
Modified Date:23-Aug-2019
- Micro Focus Products:
  ZENworks Configuration Management

Environment

ZENworks Configuration Management 2017 Update 4

Situation

After changing password of the user principal in Active directory users can't login to ZENworks using Kerberos.

ERROR (from ats.log):

[ATS] [123] [zenworks] [CASAServer] [] [(ClientAddr=192.168.0.7)invoke()] [authtoksvc.Krb5Authenticate] [] [] [CASA]

[ATS] [123] [zenworks] [CASAServer] [] [(ClientAddr=192.168.0.7)Krb5Token Constructor()- GSS Exception caught: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)] [authtoksvc.Krb5Authenticate$Krb5Token] [] [] [CASA]

[ATS] [123] [zenworks] [CASAServer] [] [(ClientAddr=192.168.0.7)invoke()- Exception: java.lang.Exception: Authentication Failure] [authtoksvc.Krb5Authenticate] [] [] [CASA]

[ATS] [123] [zenworks] [CASAServer] [] [(ClientAddr=192.168.0.7)invoke()- identId not resolved] [authtoksvc.Authenticate] [] [] [CASA]

Resolution

If the security principal password changes, a new keytab file must be created and uploaded to ZCC per the documentation.