Invalid credentials in webmail or Outlook using AD
  •  
zamvil

Messages: 6
Karma: 0
Hi, I'm using Active Directory (AD) with Kerio mail server. I already did the domain's configuration with AD in the console and I already see all the AD users from the users section. I already activated some accounts with Kerio mail server. But when I try to log in to the webmail it displays that the login failed (invalid credentials) and the username and password are correct. The warning log says:


[10/Jan/2005 11:43:21] Kerberos 5 auth: user mzamora<_at_>tecnologia.comimsa.com not authenticated, error code c000018b
[10/Jan/2005 11:43:21] Win Error: 1787 - The security database on the server does not have a computer account for this workstation trust relationship.
[10/Jan/2005 11:43:21] HTTP: Invalid password for user mzamora<_at_>mail4.comimsa.com

The KMS is a member of the domain. Both KMS and DC have Win2k server SP4.
The AD connector is installed on the DC.

Has somebody had this error?
I'm evaluating the KMS with AD and if I don't resolve this problem I will not buy it.

Regards!!!!
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
zamvil wrote on Wed, 12 January 2005 22:35

Hi, I'm using Active Directory (AD) with Kerio mail server. I already did the domain's configuration with AD in the console and I already see all the AD users from the users section. I already activated some accounts with Kerio mail server. But when I try to log in to the webmail it displays that the login failed (invalid credentials) and the username and password are correct. The warning log says:


[10/Jan/2005 11:43:21] Kerberos 5 auth: user mzamora<_at_>tecnologia.comimsa.com not authenticated, error code c000018b
[10/Jan/2005 11:43:21] Win Error: 1787 - The security database on the server does not have a computer account for this workstation trust relationship.
[10/Jan/2005 11:43:21] HTTP: Invalid password for user mzamora<_at_>mail4.comimsa.com

The KMS is a member of the domain. Both KMS and DC have Win2k server SP4.
The AD connector is installed on the DC.

Has somebody had this error?
I'm evaluating the KMS with AD and if I don't resolve this problem I will not buy it.

Regards!!!!



This error is not related to AD extension and it's not a KMS bug. It's a Kerberos error between KMS host and domain controller (Kerberos server).
The error means that the Service Principal Name (SPN) of the KMS host computer is not correct in Active Directory. The SPN must be in the form "host/dns_domain_of KMS_host" and must be correctly configured in AD. If this SPN is not set correctly, use the Windows 2000 Resource Kit tool Setspn.exe as follows:
setspn -R <computer name>

You can find more details in the Microsoft on-line knowledge base.
  •  
zamvil

Messages: 6
Karma: 0
Thanks.

And why do I have this problem? Is the DC badly configured?

I'm using setspn but it still doesn't work.

I have some doubts.

In the AD, do I have to add a user and a computer account for the KMS to use setspn?

The KMS is already added to the DC with a domain administrator account.
  •  
blackhawk

Messages: 2
Karma: 0
I have 3 different AD domains (with 2-way trusts) and 3 different public domains (AD=domain1.local, pub=domain1.com, AD=domain2.local, etc.). I joined the KMS to domain1.local but could not auth users in domain2 or domain3. I created a computer account for the KMS in domain2 & 3 and used setspn -r <computername> on domain2 & 3 - this solved the auth issue.

One caveat: when I did the import I had to use the AD option - NT didn't give me any accounts even though it was set up per Kerio's instructions. I then changed the auth in the user account from Kerberos 5 to NT. I tested it and was able to get in. To verify it was working properly I changed the password in AD and was able to log in to Web mail successfully with the new password.

I created a template that specifies NT as the auth & imported some users - it worked.
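
Added example, not part of the original thread and not Kerio's code: a Python triage script for the warning-log format quoted in the first post. It separates "Invalid password" entries that coincide with Kerberos error c000018b (NTSTATUS STATUS_NO_TRUST_SAM_ACCOUNT) or Win Error 1787 from ordinary credential failures, matching on timestamp and account name because the two log lines can carry different domain suffixes. The sample log, user names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the warning-log format quoted above; users are placeholders.
SAMPLE_LOG = """\
[10/Jan/2005 11:43:21] Kerberos 5 auth: user alice@example.test not authenticated, error code c000018b
[10/Jan/2005 11:43:21] Win Error: 1787 - The security database on the server does not have a computer account for this workstation trust relationship.
[10/Jan/2005 11:43:21] HTTP: Invalid password for user alice@example.test
[10/Jan/2005 11:50:02] HTTP: Invalid password for user bob@example.test
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<msg>.*)$")
KRB = re.compile(r"Kerberos 5 auth: user (?P<user>\S+) not authenticated, error code (?P<code>[0-9a-fA-F]+)")
WIN = re.compile(r"Win Error: (?P<code>\d+)")
HTTP = re.compile(r"HTTP: Invalid password for user (?P<user>\S+)")

TRUST_NTSTATUS = {"c000018b"}  # STATUS_NO_TRUST_SAM_ACCOUNT
TRUST_WINERR = {"1787"}        # ERROR_NO_TRUST_SAM_ACCOUNT

def local_part(user):
    """Account name without the domain; the forum renders '@' as '<_at_>'."""
    return re.split(r"@|<_at_>", user, maxsplit=1)[0].lower()

def classify_failures(log_text):
    """Return (timestamp, user, cause) for every 'Invalid password' line."""
    krb = defaultdict(dict)    # timestamp -> {account: Kerberos error code}
    winerr = defaultdict(set)  # timestamp -> Win Error codes logged in that second
    http = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m["ts"], m["msg"]
        if k := KRB.search(msg):
            krb[ts][local_part(k["user"])] = k["code"].lower()
        elif w := WIN.search(msg):
            winerr[ts].add(w["code"])
        elif h := HTTP.search(msg):
            http.append((ts, h["user"]))
    results = []
    for ts, user in http:
        code = krb[ts].get(local_part(user))
        # Failure lies in the host's domain trust, not in the user's password.
        trust = code is not None and (code in TRUST_NTSTATUS or winerr[ts] & TRUST_WINERR)
        results.append((ts, user, "host-trust" if trust else "credential"))
    return results

if __name__ == "__main__":
    for row in classify_failures(SAMPLE_LOG):
        print(row)
```

Entries labelled "host-trust" point at the mail host's computer account or SPN rather than at the user, so they should not be counted as password-guessing attempts.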