Share via

error when trying to generate kerberos keytab file using ktpass

mac9873 1 Reputation point
2021-03-09T12:09:26.83+00:00

hi We are running windows server 2019 standard V 10.0 (17763) I have completed this exact same procedure before without any issues on different domain controllers but all the same configuration and setup but today i am having an issue generating the kerberos keytab file on windows server. This is the command i use ktpass -princ HTTP/proxy.org@.ORG -mapuser <user login name>@.org -pass <password> -crypto all -ptype KRB5_NT_PRINCIPAL -out fpx.keytab I get this error Targeting domain controller: ???.org Successfully mapped HTTP/proxy.org to <user login name>. Password successfully set! WARNING: pType and account type do not match. This might cause problems. Key created. The keytab file does not get created. I have treble checked the AD user on the DC , removed it re added it, checked the password is correct , all is fine. I have treble checked all the user names are correct, the domain names and the REALM and have now hit a brick wall. I have checked with our support team that the DC has the exact same configuration as previous DC's that i have successfully generated the keytab files so i am not doing anything different. The Domain controller can resolve the proxy name so DNS is fine Can you help please many thanks mac

Windows for business | Windows Server | Devices and deployment | Configure application groups

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2021-03-10T02:51:44.697+00:00

    Hello @mac9873 ,

    Thank you for posting here.

    I have done a test in my lab.

    1.Create an account chao in a.local domain.

    2.Run command:
    ktpass /princ host/chao.a.local@A.LOCAL /mapuser chao /pass Zcl1234qwer!!@@ /out machine.keytab /crypto all /ptype KRB5_NT_PRINCIPAL /mapop set
    76076-key1.png

    3.Run command:
    ktpass /princ host/chao.a.local@A.LOCAL /mapuser chao /pass Zcl1234qwer!!@@ /out machine.keytab /crypto all /ptype KRB5_NT_PRINCIPAL -out fpx.keytab
    75959-key2.png

    76077-key3.png

    Please check carefully if the command you are running is correct or not.

    For more information baout ktpass, please refer to the link below.
    ktpass
    https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ktpass

    Hope the information above is helpful.

    Should you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.