- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-01-2016 07:36 PM
Failure: Error while fetching Kerberos Tickets from server 'x.x.x.x' :
Failure: Queries to server 'x.x.x.x' on port 389 failed :
Server doesn't accept anonymous queries
Solved! Go to Solution.
- Labels:
-
Web Security
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2016 03:09 PM
Please ensure your WSA can reach your configured DC's 389 port and also ensure your WSA hostname has a valid DNS A record in your internal DNS server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-02-2016 03:09 PM
Please ensure your WSA can reach your configured DC's 389 port and also ensure your WSA hostname has a valid DNS A record in your internal DNS server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-03-2018 01:02 AM
please how i can ensure that my WSA can reach configured DC's 389 port
best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2018 05:02 PM
Hi,
You can use 'telnet' test from WSA CLI by issuing 'telnet' command and select M1 interface and enter your DC address and port 389 and make sure it can connect.
You can also do packet capture from WSA to the DC and do test authentication (where you get the error message from) and from the capture filter on port 389 to see the packets communication
Regards
Handy Putra
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2018 05:21 AM
Hi Handy
I have already test the Telnet from WSA to AD but unfortinutly not works, I can not Telnet AD from WSA on 389 port or any other port
please see the below error
ALGWSAPXYMGT01> telnet
Please select which interface you want to telnet from.
1. Auto
2. Failover Group 1 (10.111.66.19/24: ALGWSAPXY)
3. Failover Group 2 (10.111.66.20/24: ALGWSAPXY.)
4. Management (10.111.48.62/24: ALGWSAPXYMGT01.)
5. P1 (10.111.66.21/24: ALGWSAPXYINT01.)
6. P2 (10.111.67.21/24: ALGWSAPXY01.)
[1]> 4
Enter the remote hostname or IP address.
[]> 10.111.106.12
Enter the remote port.
[23]> 389
Trying 10.111.106.12...
Connected to 10.111.106.12.
Escape character is '^]'.
Connection closed by foreign host.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2018 05:34 AM
hi handy
also see please the error message at my WSA when I do a test
.
|
|
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2018 07:20 PM
Hi,
From your telnet output, the connection to your DC on port 389 is actually connected:
Enter the remote port.
[23]> 389
Trying 10.111.106.12...
Connected to 10.111.106.12.
However from your error message, it is having issues in getting the kerberos ticket from your 10.115.106.11 server (the telnet test that you performed is to 10.111.106.12)
And it is complaining that the credential is not correct:
kinit: krb5_get_init_creds: Client (SKDWSAPXYMGT02$@CORP.ATELAT.DZ) unknown
Please check the AD account that you are using when joining WSA to the domain, make sure you are using administrator account or an account that has privilege to create objects in the AD server.
Would recommend to open a TAC case if you need further in depth assistance
Regards
Handy Putra
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2018 07:54 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-06-2018 03:04 AM
yes I'm not in 10.5.2 and i can not check if SMB1 is tuned off or not, let me do system upgrade and back to you
thanks
Best Regards
A.kermia
|
