Set-AzureADKerberosServer : ERR_INVALID_UPN Errors

Seth Holek 51 Reputation points
2024-03-15T20:55:15.16+00:00

I am trying to set up WHFB Cloud Kerberos Trust, and I get the below error message in PS when trying to create the Kerberos Server object in Active Directory.

    Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred -DomainCredential $domainCred

    Set-AzureADKerberosServer : ERR_INVALID_UPN
    At line:1 char:1
    + Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred ...
        + CategoryInfo          : NotSpecified: (:) [Set-AzureADKerberosServer], ArgumentException
        + FullyQualifiedErrorId : System.ArgumentException,Microsoft.AzureAD.Kdc.Management.SetAzureADKerberosServer

Accepted answer
  1. JimmySalian-2011 42,071 Reputation points
    2024-03-18T10:06:13.26+00:00

    Hi,

    Not sure what parameters or variables you have used, but it seems you are missing the UPN format in the command. As Givary has provided the links, can you check that you have the -UserPrincipalName parameter with the User Principal Name (UPN) of a global administrator?

    • Replace contoso.corp.com in the following example with your on-premises Active Directory domain name.
    • Replace administrator@contoso.onmicrosoft.com in the following example with the UPN of a global administrator.

        # Specify the on-premises Active Directory domain. A new Azure AD
        # Kerberos Server object will be created in this Active Directory domain.
        $domain = $env:USERDNSDOMAIN

        # Enter a UPN of an Azure Active Directory global administrator
        $userPrincipalName = "administrator@contoso.onmicrosoft.com"

        # Enter a domain administrator username and password.
        $domainCred = Get-Credential

        # Create the new Azure AD Kerberos Server object in Active Directory
        # and then publish it to Azure Active Directory.
        # Open an interactive sign-in prompt with given username to access the Azure AD.
        Set-AzureADKerberosServer -Domain $domain -UserPrincipalName $userPrincipalName -DomainCredential $domainCred

    So the example will be as per the above command if all the variables are correct. Also, run PowerShell with an Administrator account.

    Hope this helps.

    JS

    ==

    Please Accept the answer if the information helped you. This will help us and others in the community as well.


1 additional answer

  1. Givary-MSFT 30,931 Reputation points Microsoft Employee
    2024-03-18T07:23:10.0866667+00:00

    @Seth Holek Thank you for reaching out to us. With respect to the above-mentioned issue, the error says invalid UPN; I request you to check the UPN format which you are providing while executing this Set-AzureADKerberosServer.

    You can refer to the below mentioned articles for reference:

    https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-security-key-on-premises

    https://github.com/MicrosoftDocs/azure-docs/issues/94801

    If this doesn't help, let me know; we can connect offline to review this issue and troubleshoot further.

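Both answers point at the format of the cloud account name. The following pre-flight check is an added example, not code from the thread or from the Microsoft module: `Test-UpnShape` and `Assert-CloudUpn` are hypothetical helper names, and the shape rules are a conservative assumption about what a `user@domain` UPN looks like, not the cmdlet's own validation.

```powershell
# Added example: check the cloud account name before calling Set-AzureADKerberosServer.
# Test-UpnShape is a hypothetical helper; its rules are an assumed, conservative
# shape check (user@dotted.dns.name), not the cmdlet's internal logic.
function Test-UpnShape {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Name)

    $problems = @()
    if ($Name -ne $Name.Trim()) { $problems += 'leading or trailing whitespace' }
    if ($Name -match '\\')      { $problems += 'DOMAIN\user form, not user@domain' }

    $parts = $Name.Trim() -split '@'
    if ($parts.Count -ne 2) {
        $problems += "expected exactly one '@', found $($parts.Count - 1)"
    } else {
        if (-not $parts[0]) { $problems += 'empty user part before @' }
        if ($parts[1] -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
            $problems += 'suffix after @ is not a dotted DNS name'
        }
    }

    [pscustomobject]@{
        Name     = $Name
        IsValid  = ($problems.Count -eq 0)
        Problems = $problems
    }
}

# Hypothetical gate: throws before any call reaches Active Directory or Entra ID.
function Assert-CloudUpn {
    param([Parameter(Mandatory)][pscredential]$Credential)

    $check = Test-UpnShape -Name $Credential.UserName
    if (-not $check.IsValid) {
        throw "Cloud account name '$($check.Name)' rejected: $($check.Problems -join '; ')"
    }
}

# Constructed sample inputs (not taken from the thread).
'administrator@contoso.onmicrosoft.com', 'CONTOSO\administrator', 'administrator', ' admin@contoso.com' |
    ForEach-Object { Test-UpnShape -Name $_ } |
    Format-Table -AutoSize -Wrap

# With the question's variables, the gate goes directly before the real call:
#   Assert-CloudUpn -Credential $cloudCred
#   Set-AzureADKerberosServer -Domain $domain -CloudCredential $cloudCred -DomainCredential $domainCred
```

When the `-UserPrincipalName` form from the accepted answer is used instead, pass the string straight to `Test-UpnShape -Name $userPrincipalName`.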