Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2323
Views
15
Helpful
11
Replies

nac AD SSO integration with Microsoft server 2008 error

nataymenessa
Level 1
Level 1

‎12-07-2010 10:56 PM - edited ‎02-21-2020 04:11 AM

this is my problem

C:\Program Files (x86)\Support Tools>ktpass.exe  -princ casuser/AFRICANUNION.LOCAL@AFRICANUNION.LOCAL -mapuser c
asuser -pass cisco -out c:\casuser.keytab -ptype KRB5_NT_PRINCIPAL +DesOnly
Error loading resource: 0x00003b01
Error loading resource: 0x00003b01
Error loading resource: 0x00003b01
Error loading resource: 0x00003b01
Error loading resource: 0x00003b01

why is it showing me this error any idea?

0 Helpful
11 Replies 11

Tiago Antunes
Cisco Employee
Cisco Employee

‎12-08-2010 01:52 AM

Hi,

I am afraid you are running the ktpass with the wrong sintaxe.

Please take a look into the config guide:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1174556.

You will see the steps for creating the user and how to run the ktpass command, as weel what is the correct version of the tool and the correct sintaxe for each version of AD.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

nataymenessa
Level 1
Level 1
In response to Tiago Antunes

‎12-08-2010 03:20 AM

yeah i saw that document but i don't know where i made the mistake

0 Helpful

Tiago Antunes
Cisco Employee
Cisco Employee
In response to nataymenessa

‎12-08-2010 04:41 AM

Well, can you send us a screenshot of the user account like it is showed in:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1160497.

What is the complete version of Win2008 Server? SP? R?

What is the ktpass version?

Are you running an 2008 AD environment or 2008 with 2003 functional level?

Thanks,

Tiago

nataymenessa
Level 1
Level 1
In response to Tiago Antunes

‎12-08-2010 09:34 PM

Windows Server 2008-Enterprise Edition, SP1, R1

ktpass version: 6.0.6001.22331

yes, we are running windows server 2008 AD Environment

Preview file
157 KB
0 Helpful

Tiago Antunes
Cisco Employee
Cisco Employee
In response to nataymenessa

‎12-08-2010 11:42 PM

Hi,

I see there are a couple of things you missed...so i would advise to read carefully the documentation as the ktpass run process tend to become very easy to fail...

The version of CAM/CAS you are running 4.7.2, supports Windows 2008 Enterprise SP1 (32-bit only), however you have to:

- Apply Microsoft Windows Hotfix KB951191 (http://support.microsoft.com/kb/951191)
- Use the native Windows 2008 KTPass tool (6.0.6001.18000)
-  (Optional) Issue the KTPass command using a slash (/) instead of a dash  (-), as instructed in the Microsoft TechNet support page (http://technet.microsoft.com/en-us/library/cc753771.aspx) The following illustrates an example command:
C:\Program  Files\Support Tools> ktpass.exe /princ  sanac/TestAD01.testdom.com@TESTDOM.COM /mapuser sanac /pass 123456sS  /out c:\casuser.keytab /ptype KRB5_NT_PRINCIPAL +DesOnly

This information can be found at:

http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/agntsprt.html#wp103146.

and

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1240376.

Example:

C:\Program  Files\Support Tools> ktpass.exe /princ casuser/africanunion.local@AFRICANUNION.LOCAL /mapuser casuser /pass Cisco123  /out c:\casuser.keytab /ptype KRB5_NT_PRINCIPAL +DesOnly

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

nataymenessa
Level 1
Level 1
In response to Tiago Antunes

‎12-09-2010 12:50 AM

where can i find ktpass.exe version 6.0.6001.18000

0 Helpful

Tiago Antunes
Cisco Employee
Cisco Employee
In response to nataymenessa

‎12-09-2010 12:53 AM

As you can read the document I already shared with you...on Microsoft.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful

nataymenessa
Level 1
Level 1
In response to Tiago Antunes

‎12-09-2010 03:34 AM

yeah, i found the link on the document but i could not locate support tools there, i think they moved it.

and onother thing is our AD is 2008 with 2003 functionality so we need ktpass version 6.0.6001.18000 if i am not mistaken

0 Helpful

Tiago Antunes
Cisco Employee
Cisco Employee
In response to nataymenessa

‎12-09-2010 04:07 AM

Yes, you are correct.

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful

nataymenessa
Level 1
Level 1
In response to Tiago Antunes

‎12-09-2010 04:15 AM

so  how do i find this version...shall i email to microsoft? or any ideas?

0 Helpful

Tiago Antunes
Cisco Employee
Cisco Employee
In response to nataymenessa

‎12-10-2010 01:36 AM

Yep, i think the best would be get in touch with microsoft.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card