KCD DNS Problem?

0
hey there,

I'm struggling to get KCD working. According to this documentation(https://support.kemptechnologies.com/hc/en-us/articles/203860275-Kerberos-Constrained-Delegation#MadCap_TOC_7_2) there should be an ip address shown after the Line "Attempt to resolve destination"

In my trace I can only see "Attempt to resolve destination [addr type 0][0]" (see below)

Any Ideas?

#13448# do_sso_cert_check: Asi=[74][75]|<I>CN=demo-DEMODC-CA,<S>OU=Demo,OU=User,CN=testuser,E=testuser@demo.local,|
Nov 30 18:08:46 kemp ssomgr: #13448# ci=[18]|CN=demo-DEMODC-CA,|
Nov 30 18:08:46 kemp ssomgr: #13448# cs=[50]|OU=Demo,OU=User,CN=testuser,E=testuser@demo.local,|
Nov 30 18:08:46 kemp ssomgr: #13448# ident=[18]|CN=demo-DEMODC-CA,|
Nov 30 18:08:46 kemp ssomgr: #13448# ident=[50]|CN=testuser,OU=Demo,OU=User,E=testuser@demo.local,|
Nov 30 18:08:46 kemp ssomgr: #13448# aSI=[74]|<I>CN=demo-DEMODC-CA,<S>CN=testuser,OU=Demo,OU=User,E=testuser@demo.local,|
Nov 30 18:08:46 kemp ssomgr: #13448# do_sso_cert_check: Asi=[74][75]|<I>CN=demo-DEMODC-CA,<S>CN=testuser,OU=Demo,OU=User,E=testuser@demo.local,|
Nov 30 18:08:46 kemp ssomgr: #13448# >>>group_processing: started group processing for do_sso_cert_check
Nov 30 18:08:46 kemp ssomgr: #13448# >>> ldap_need_steering_groups: vid=1
Nov 30 18:08:46 kemp ssomgr: #13448# group_processing: chk_sids = 0, chk_allowed_groups = 0, chk_steering_groups = 0
Nov 30 18:08:46 kemp ssomgr: #13448# <<<group_processing: completed group processing for do_sso_cert_check, groupOK=1
Nov 30 18:08:46 kemp ssomgr: #13448# << do_sso_cert_check: rc:0 groupOK:1
Nov 30 18:08:46 kemp ssomgr: #13448# ldap_check_thread(): blob=0x6af7c0 sz=65536
Nov 30 18:08:46 kemp ssomgr: #13448# baseUserName: basename=|testuser|
Nov 30 18:08:46 kemp ssomgr: #13448# >>> kcd_get_user_ticket
Nov 30 18:08:46 kemp ssomgr: #13448# >>>resolve_destination_address: Attempt to resolve destination [addr type 0][0]
Nov 30 18:08:46 kemp ssomgr: resolve_destination_address: Error resolving destination host information for [addr type 0]

thanks in advance

3 comments

Avatar
0
Tony Vaughan

Morning Stefan,

you are correct in that it looks like a DNS issue,

can you check the following

1. you have created a PTR record
2. if you run "ping -a <real server IP> " do you get back a valid response?
3. are you using KCD on a main or sub virtual service?

 

 

Avatar
0
vota

Hi Tony,

problem is already solved. 3. was de actual issue. I was using SubVSs and I got the info below from one of your collueges via a Support-Ticket(#99033):

Certificate Based Authentication is not possible when using SubVSs. In order to accomplish this, we would need to create another VS that doesn't have SubVSs and forward the desired directories to that VS, rather than the Exchange servers directly. Within the new VS, you would populate your Exchange servers.

Thanks,
BR
Stefan

 

 

Avatar
0
Tony Vaughan

Glad to hear you got it resolved :)