Unable to log on to a Windows Server domain after resetting the user account password by using the Ktpass.exe tool together with the -pass * parameter.
Article ID: KB0083444
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.5 and higher |
Description
Description:
When setting up Kerberos in your Spotfire environment, you can use the ktpass.exe tool to create a keytab file. When using the Ktpass.exe tool together with the /pass * parameter, you are setting a new password. This will result in subsequent login failures when trying to login to a Windows domain using the user account specified when running the ktpass.exe tool.
Symptoms:
Unable to login to any computers in your domain using the user account specified when you ran the ktpass.exe tool.
Cause:
When you use the /pass * parameter in the Ktpass.exe tool, the Ktpass.exe tool appends the following extra characters to the password: \0a
The tool then sends the password to the Active Directory directory service. Active Directory stores an incorrect password for this user account. Because the password is incorrect, the user cannot log on to a Windows Server domain. The problem is in the * character. If you use /pass PASSWORD so that you specify a password, then no extra characters will be appended and the password will be set correctly in the Active directory.
When setting up Kerberos in your Spotfire environment, you can use the ktpass.exe tool to create a keytab file. When using the Ktpass.exe tool together with the /pass * parameter, you are setting a new password. This will result in subsequent login failures when trying to login to a Windows domain using the user account specified when running the ktpass.exe tool.
Symptoms:
Unable to login to any computers in your domain using the user account specified when you ran the ktpass.exe tool.
Cause:
When you use the /pass * parameter in the Ktpass.exe tool, the Ktpass.exe tool appends the following extra characters to the password: \0a
Issue/Introduction
Unable to log on to a Windows Server domain after resetting the user account password by using the Ktpass.exe tool together with the -pass * parameter.
Environment
Windows
Resolution
You can use the KTPASS command with /pass PASSWORD instead and just replace PASSWORD with the password of your choosing.
Example:
ktpass /princ HTTP/<fully qualified hostname>[:<port>]@<realm> /ptype krb5_nt_principal /crypto rc4-hmac-nt /mapuser <service account name> /out spotfire.keytab -kvno 0 /pass PASSWORD
Hotfix available for Windows Server 2003 only.
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=939980&kbln=en-us
Additional Information
Feedback
Yes
No
Powered by
