2 Replies Latest reply on Oct 25, 2017 7:43 AM by manfriday

    PowerShell plugin, Kerberos Authentication and a "Server not found in Kerberos database" error

    manfriday Hot Shot

      Hi,

       

      I have set up VCO to use Kerberos for adding a PowerShell host before.

      It works great.

       

      I had to set up a second VCO instance to be able to talk to some clients behind a firewall via SSH and PowerShell. The "regular" VCO instance can't talk to these clients because opening ports for the working VCO is not an option.

      So, the workaround was, I set up another VCO instance, got it added via the multi-node plugin, etc.

       

      The issue came when I tried to add a server as a PowerShell host. I copied and pasted the krb5.conf file from the working VCO.

      Everything is in the same domain as the "working" VCO/powershell host.

      When I try to add the troublesome host I get the following error:

       

      Workflow execution stack:

      ***

      item: 'Add a PowerShell host/item8', state: 'failed', business state: 'null', exception: 'No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))) (Dynamic Script Module name : addPowerShellHost#19)'

      workflow: 'Add a PowerShell host' (EF8180808080808080808080808080803D80808001270557368849c62c352aa82)

      |  'attribute': name=errorCode type=string value=No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))) (Dynamic Script Module name : addPowerShellHost#19)

      |  'attribute': name=sslUrl type=string value=https://powershellhost.fnal.gov:5986/wsman/

      |  'input': name=name type=string value=powershellhost

      |  'input': name=type type=string value=WinRM

      |  'input': name=transportProtocol type=string value=HTTPS

      |  'input': name=port type=string value=5986

      |  'input': name=hostName type=string value=powershellhost.domain.com

      |  'input': name=username type=string value=username@subdomain.domain.com

      |  'input': name=password type=SecureString value=__NULL__

      |  'input': name=sessionMode type=string value=Shared Session

      |  'input': name=authentication type=string value=Kerberos

      |  'input': name=acceptAllCertificates type=boolean value=true

      |  'input': name=shellCodePage type=string value=IBM437

      |  'output': name=host type=PowerShell:PowerShellHost value=null

      *** End of execution stack.

       

       

      I have consulted The Great Oracle (Google), and what it told me was that this is usually a DNS issue, but I have checked my DNS, and I can resolve the hostname, as well as all the KDCs.

      I have looked at the firewall activity, and can see the VCO server talking to the KDC on port 88, the DNS servers on 53, the PowerShell host on 5986. I don't think it's a firewall issue.

       

      If anyone has any ideas, I'd appreciate it.

       

      Jason
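
Added example, not part of the original post and not the plugin's own code: a small check of which realm a copied krb5.conf maps a host name to, and therefore which service principal the KDC would be asked for. Assumptions: the sample krb5.conf below is constructed, the `HTTP` service class and the fallback to `default_realm` are assumptions, and the lookup order (exact host, then each parent domain with and without a leading dot) follows the usual `[domain_realm]` matching.

```python
# Constructed sample krb5.conf; kdc1 is a placeholder host name.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = DOMAIN.COM
[realms]
    DOMAIN.COM = {
        kdc = kdc1.domain.com
    }
[domain_realm]
    .subdomain.domain.com = SUBDOMAIN.DOMAIN.COM
    .domain.com = DOMAIN.COM
"""

def parse_krb5(text):
    """Return (default_realm, {domain_realm key: realm}) from krb5.conf text."""
    section, default_realm, mapping = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if section == "libdefaults" and key == "default_realm":
                default_realm = value
            elif section == "domain_realm":
                mapping[key.lower()] = value
    return default_realm, mapping

def realm_for_host(fqdn, default_realm, mapping):
    """Return (realm, matching key); key is None when no entry applied."""
    host = fqdn.lower().rstrip(".")
    candidates = [host]                      # exact host entry first
    while "." in host:                       # then each parent domain,
        host = host.split(".", 1)[1]         # with and without leading dot
        candidates += ["." + host, host]
    for key in candidates:
        if key in mapping:
            return mapping[key], key
    return default_realm, None               # assumption: default_realm fallback

def expected_spn(fqdn, conf_text, service="HTTP"):
    """SPN a client would request; the HTTP service class is an assumption."""
    default_realm, mapping = parse_krb5(conf_text)
    realm, _ = realm_for_host(fqdn, default_realm, mapping)
    return f"{service}/{fqdn.lower().rstrip('.')}@{realm}"

if __name__ == "__main__":
    print(expected_spn("powershellhost.domain.com", SAMPLE_KRB5_CONF))
```

Compare the printed principal with the SPNs registered for the host in the directory; error 7 is the KDC reporting that it has no entry for the requested service principal.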