Forum Discussion
Kai_Wilke
Feb 08, 2017MVP
Hi MD,
the KDC error
-1765328377
refers to KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN
and means that the domain controller was unable to find an matching service account for this Service Principal Name (SPN).
Please check if the Service Principal Name
HTTP/iis.ad.test.fr
is registered in Activce Directory and that this name is either linked to the service account of your IIS web application (in thew case that IIS Kernel mode caching is disabled) or to the computer account hosting the IIS service (if Kernel mode caching is enabled or if the website is running under a system identity like network service, local system, etc.)
C:\Windows\system32>setspn -Q HTTP/iis.ad.test.fr
The next step would be to check if LTM's service account is already allowed to perform a Kerberos Protocol Transition and Contrained Delegation to this SPN. But lets see if the addition of the SPN already resolves your problem...
Cheers, Kai