'Unable to determine account' error on some computers

Hi all,

I’ve deployed Openfire SSO and I’m using it on many computers, but on 3 of them I get ‘Unable to determine’ account error. On output.log I can read this:

Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false

Refreshing Kerberos configuration

Acquire TGT from Cache

Principal is null

null credentials from Ticket Cache

[Krb5LoginModule] authentication failed

Unable to obtain Princpal Name for authentication

I’ve checked krb5.ini content and registry key (both deployed using Windows group policies) and all is like on working computers. Also tried to delete %APPDATA%\Spark folder and recreated configuration files, but same error is shown. If I disable SSO on those machines and set login information manually I can logon and chat normally.

Environment :

Server : Windows Server 2008 R2

Clients : Windows XP SP3, Windows 7 x64

Any idea? And… how to debug it? I cannot get more info for trying to repair this.

Thanks.

Please check to see If the following conditions are true with the clients you’re having issues with.

Java 8 is being used

Your keytab file was created using DES encryption type

If that is the case, then you’ll need to add allow_weak_crypto=true to your client krb5.ini

Hi again,

those computer are using Java 1.6_31 and tried using weak crypto, but no luck

After cleaning logs folder I get an Spark warning log like this : log

Also tried to logon using a working user on a non-working machine, and SSO fails too.

did they just stop working all of a sudden? or has it never worked on these 3 workstations? have you tried purging your ticket cache on those workstations?