I'm configuring Azure AD (Entra ID) Kerberos to let Azure AD computers with no line of sight to on-premises domain controllers access a local Windows network share. It works properly when the client computer has line of sight to a domain controller. But it fails when I configure the Hostname to Kerberos realm mappings policy.
I'm following the steps from the blog post "Maxime Rastello | Use Azure AD Cloud Kerberos ticket for on-premises resources" to create the Kerberos realm mapping myserver.mydomain.com KERBEROS.MICROSOFTONLINE.COM (e.g., the command is ksetup /addhosttorealmmap myserver.mydomain.com KERBEROS.MICROSOFTONLINE.COM).
But when I attempt to access the network share \\myserver.mydomain.com\share, the following error occurs:
Error code: 0x80004005 Unspecified error
The following events are logged into the Entra ID sign-in logs. I don't understand which appIdentifier it's looking for. The Windows share I'm attempting to access isn't an Azure Files share, so there is no storage account for it and no app registration.
Authentication requirement: Single-factor authentication
Status: Failure
Continuous access evaluation: No
Sign-in error code: 700016
Failure reason: Application with identifier '{appIdentifier}' was not found in the directory '{tenantName}'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
Additional Details: The application named X was not found in the tenant named Y. This can happen if the application with identifier X has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have misconfigured the Identifier value for the application or sent your authentication request to the wrong tenant
User agent: kerberos/1.0
Hi, Maxime here :)
Are your machines having an Entra Kerberos ticket and is the ticket retrieval at logon configured? ./Device/Vendor/MSFT/Policy/Config/Kerberos/CloudKerberosTicketRetrievalEnabled
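
One way to collect what the reply above asks about is shown below. It is an added example, not part of the original thread or of the linked blog post, and is meant to be run on the Entra-joined client as the signed-in user. The registry location used for the policy value is an assumption (it is the key Microsoft documents for setting the same value with reg add), and the host name is the placeholder from the question.

```powershell
# Added diagnostic example (not from the thread). Read-only apart from step 5,
# which requests one service ticket for the share.
$server = 'myserver.mydomain.com'   # placeholder host name from the question

# 1. Is cloud Kerberos ticket retrieval at logon enabled?
#    Assumption: the CSP setting surfaces as this policy registry value (1 = enabled).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'
$prop = Get-ItemProperty -Path $key -Name CloudKerberosTicketRetrievalEnabled -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output 'CloudKerberosTicketRetrievalEnabled: not set at the assumed registry location'
} else {
    Write-Output "CloudKerberosTicketRetrievalEnabled: $($prop.CloudKerberosTicketRetrievalEnabled)"
}

# 2. Does the device report a PRT and a cloud / on-premises TGT for this session?
dsregcmd /status | Select-String -Pattern 'AzureAdPrt\s*:|CloudTgt\s*:|OnPremTgt\s*:'

# 3. Cloud Kerberos state as seen by the Kerberos client.
klist cloud_debug

# 4. Kerberos realm configuration that ksetup has stored on this machine,
#    to compare against the mapping created in the question.
ksetup

# 5. Request a service ticket for the file server and note which realm answers.
klist get "cifs/$server"
```

Run it once with the host-to-realm mapping in place and once without it; comparing the realm shown in step 5 between the two runs shows whether the request for the share is being sent to KERBEROS.MICROSOFTONLINE.COM.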