Troubleshoot Connection Problems Using Kerberos for Windows


If your Windows workstation has been joined to the Active Directory (AD) domain, there could be some confusion regarding authentication to applications and services. By default, once joined to AD, your workstation will authenticate to AD upon login. If you have installed the Putty+Kerberos package, however, it authenticates to the TerpConnect system via Kerberos authentication, not AD authentication. It's possible for your Putty+Kerberos configuration to inadvertently be switched from Kerberos authentication (correct) to Active Directory authentication (incorrect).

You will know this has happened if you launch Putty and attempt to connect to the TerpConnect system, and you get an error message in your Putty window which says:

GSSAPI error: Unspecified GSS failure.  Minor code may provide more information

GSSAPI mech specific error: Server not found in Kerberos database

If this happens, close the Putty session, then:

  1. Launch the Kerberos Network Identity Manager by clicking Start → All Programs → Kerberos for Windows → Network Identity Manager

    Launching the Kerberos Network Identity Manager

  2. In the Network Identity Manager console you should see two entries:
    • Kerberos (Directory_ID@UMD.EDU)
    • Active Directory (Directory_ID@AD.UMD.EDU):

 



      You should see the entry for Active Directory indicated as the default.

      Kerberos Network Identity console - AD

  3. To make the Kerberos identity the default, right-click on the entry listed as Directory_ID@umd.edu and select Set as default.

    Setting default entry for Network Identity Console

  4. Once you have done this, the Kerberos entry should be listed as the default identity:

    Kerberos Network Identity console - Kerberos

  5. Click File. Select Exit to quit the Network Identity console:

    Quitting out of the Kerberos Network Identity console

Once you have completed this change, you should be able to launch Putty and login as normal.