Received error from KDC: -1765328366/Client's credentials have been revoked

0 users found this article helpful

Symptoms

First see How to analyze the log files to identify single-sign on (SSO) issues .

Single sign-on fails. In awingu-worker-smc.service.log, a similar error can be seen:

2022-11-14 09:54:23.054560 someawinguhost awingu-worker-smc.service[manage.py:8090]: Using specified cache: /etc/awingu/domains/AWINGUDOMAIN/6bed5d39-96a9-49f1-b9e3-ddc5ca62e52c/kerberos/kerberos_credentials_cache
Using principal: someuser\@somedomain.org@SOMEDOMAIN.ORG
PA Option X509_user_identity = FILE:/etc/awingu/domains/AWINGUDOMAIN/6bed5d39-96a9-49f1-b9e3-ddc5ca62e52c/certificate.pem,/etc/awingu/domains/AWINGUDOMAIN/6bed5d39-96a9-49f1-b9e3-ddc5ca62e52c/private_key.pem
[5746] 1668419663.30183: Getting initial credentials for someuser\@somedomain.org@SOMEDOMAIN.ORG
[5746] 1668419663.30185: Sending unauthenticated request
[5746] 1668419663.30186: Sending request (194 bytes) to SOMEDOMAIN.ORG
[5746] 1668419663.30187: Resolving hostname BSMDC01.SOMEDOMAIN.ORG
[5746] 1668419663.30188: Sending initial UDP request to dgram 192.168.169.1:88
[5746] 1668419663.30189: Received answer (117 bytes) from dgram 192.168.169.1:88
[5746] 1668419663.30190: Sending DNS URI query for _kerberos.SOMEDOMAIN.ORG.
[5746] 1668419663.30191: No URI records found
[5746] 1668419663.30192: Sending DNS SRV query for _kerberos-master._udp.SOMEDOMAIN.ORG.
[5746] 1668419663.30193: Sending DNS SRV query for _kerberos-master._tcp.SOMEDOMAIN.ORG.
[5746] 1668419663.30194: No SRV records found
[5746] 1668419663.30195: Response was not from master KDC
[5746] 1668419663.30196: Received error from KDC: -1765328366/Client's credentials have been revoked
[5746] 1668419663.30197: Retrying AS request with master KDC
[5746] 1668419663.30198: Getting initial credentials for someuser\@somedomain.org@SOMEDOMAIN.ORG
[5746] 1668419663.30200: Sending unauthenticated request
[5746] 1668419663.30201: Sending request (194 bytes) to SOMEDOMAIN.ORG (master)
[5746] 1668419663.30202: Sending DNS URI query for _kerberos.SOMEDOMAIN.ORG.
[5746] 1668419663.30203: No URI records found
[5746] 1668419663.30204: Sending DNS SRV query for _kerberos-master._udp.SOMEDOMAIN.ORG.
[5746] 1668419663.30205: Sending DNS SRV query for _kerberos-master._tcp.SOMEDOMAIN.ORG.
[5746] 1668419663.30206: No SRV records found
kinit: Client's credentials have been revoked while getting initial credentials

Cause

The user's Active Directory account is likely disabled, locked, expired or deleted.

Resolution

Validate the status of the user account in the Active Directory.

Was this article helpful?

Tell us how we can improve it.