error when trying to generate kerberos keytab file using ktpass

Question

error when trying to generate kerberos keytab file using ktpass

mac9873 1

hi We are running windows server 2019 standard V 10.0 (17763) I have completed this exact same procedure before without any issues on different domain controllers but all the same configuration and setup but today i am having an issue generating the kerberos keytab file on windows server. This is the command i use ktpass -princ HTTP/proxy.org@.ORG -mapuser <user login name>@.org -pass <password> -crypto all -ptype KRB5_NT_PRINCIPAL -out fpx.keytab I get this error Targeting domain controller: ???.org Successfully mapped HTTP/proxy.org to <user login name>. Password successfully set! WARNING: pType and account type do not match. This might cause problems. Key created. The keytab file does not get created. I have treble checked the AD user on the DC , removed it re added it, checked the password is correct , all is fine. I have treble checked all the user names are correct, the domain names and the REALM and have now hit a brick wall. I have checked with our support team that the DC has the exact same configuration as previous DC's that i have successfully generated the keytab files so i am not doing anything different. The Domain controller can resolve the proxy name so DNS is fine Can you help please many thanks mac

Anonymous

2021-03-12T07:59:50.037+00:00

Hello @mac9873 ,

How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou
Anonymous

2021-03-15T06:50:37.06+00:00

Hello @mac9873 ,
I just want to confirm the current situations.

Please feel free to let us know if you need further assistance.

Best Regards,
Daisy Zhou

1 answer

Your answer

Anonymous

2021-03-12T07:59:50.037+00:00

Hello @mac9873 ,

How are things going on your end? Please keep me posted on this issue.
If you have any further questions or concerns about this question, please let us know.
I appreciate your time and efforts.

Best Regards,
Daisy Zhou
Anonymous

2021-03-15T06:50:37.06+00:00

Hello @mac9873 ,
I just want to confirm the current situations.

Please feel free to let us know if you need further assistance.

Best Regards,
Daisy Zhou

Answer 1

Hello @mac9873 ,

Thank you for posting here.

I have done a test in my lab.

1.Create an account chao in a.local domain.

2.Run command:
ktpass /princ host/chao.a.local@A.LOCAL /mapuser chao /pass Zcl1234qwer!!@@ /out machine.keytab /crypto all /ptype KRB5_NT_PRINCIPAL /mapop set

3.Run command:
ktpass /princ host/chao.a.local@A.LOCAL /mapuser chao /pass Zcl1234qwer!!@@ /out machine.keytab /crypto all /ptype KRB5_NT_PRINCIPAL -out fpx.keytab

Please check carefully if the command you are running is correct or not.

For more information baout ktpass, please refer to the link below.
ktpass
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ktpass

Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.

Best Regards,
Daisy Zhou

Share via

error when trying to generate kerberos keytab file using ktpass

1 answer

Your answer