Environment
ZENworks Configuration Management 2017 Update 4
Situation
After changing password of the user principal in Active directory users can't login to ZENworks using Kerberos.
ERROR (from ats.log):
[ATS] [123] [zenworks] [CASAServer] [] [(ClientAddr=192.168.0.7)invoke()] [authtoksvc.Krb5Authenticate] [] [] [CASA]
[ATS] [123] [zenworks] [CASAServer] [] [(ClientAddr=192.168.0.7)Krb5Token Constructor()- GSS Exception caught: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)] [authtoksvc.Krb5Authenticate$Krb5Token] [] [] [CASA]
[ATS] [123] [zenworks] [CASAServer] [] [(ClientAddr=192.168.0.7)invoke()- Exception: java.lang.Exception: Authentication Failure] [authtoksvc.Krb5Authenticate] [] [] [CASA]
[ATS] [123] [zenworks] [CASAServer] [] [(ClientAddr=192.168.0.7)invoke()- identId not resolved] [authtoksvc.Authenticate] [] [] [CASA]
Resolution
If the security principal password changes, a new keytab file must be created and uploaded to ZCC per the documentation.