Kerberos error on 3.3.4 with CTDB

Thu Feb 4 09:38:31 MST 2010

Following up on my own message here:

The application that generates the error below runs 24x7.  The error
crashes the Windows XP IIS application.  This has apparently been
happening since 3.3.4 was installed.

Note: The problem self-resolves after 45 min.  Any connection within the
45 minute timeslot fails identically.  After 45 min everything is happy
for another week.  Alternately, restarting IIS solves the problem also.
 Wierd!

Event logging on the Windows XP Pro client shows the following:

 Client Time:
 Server Time: 16:7:10.0000 2/4/2010 Z
 Error Code: 0xd KDC_ERR_BADOPTION
 Extended Error: 0xc00000bb KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: HOSTREL.LCL
 Server Name: host/res-iis-02.hostrel.lcl
 Target Name: host/res-iis-02.hostrel.lcl at HOSTREL.LCL
 Error Text:
 File: 9

Hoping this will help to clarify best steps to resolve this problem.
Does anyone have a pointer to help identify the cause.  Should we pursue
updating first?

I have asked for a Wireshark trace, but that will have to wait until
next weeks window of misfortune.

- John T.

On 02/04/2010 10:19 AM, John H Terpstra wrote:
> Guys,
> 
> An IIS server that is accessing Samba CTDB is generating the following
> error.  It happens at the same time every week (approx 11:08-11:15am
> every Thursday) it only happens within this specific time window - wierd!
> 
> Any ideas or suggestions?  Have already recommended updating to the
> latest 3.3.10.
> 
> Here is the log snippet.
> 
> Cheers,
> John T.
> 
> [2010/02/04 11:13:55,  3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1175)
>   Doing spnego session setup
> [2010/02/04 11:13:55,  3]
> smbd/sesssetup.c:reply_sesssetup_and_X_spnego(1210)
>   NativeOS=[Windows Server 2003 R2 3790 Service Pack 2] NativeLanMan=[]
> PrimaryDomain=[Windows Server 2003 R2 5.2
> ]
> [2010/02/04 11:13:55,  3] smbd/sesssetup.c:reply_spnego_negotiate(802)
>   reply_spnego_negotiate: Got secblob of size 1204
> [2010/02/04 11:13:55,  3]
> libads/kerberos_verify.c:ads_secrets_verify_ticket(296)
>   ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
> Decrypt integrity check failed
> [2010/02/04 11:13:55,  3] libads/kerberos_verify.c:ads_verify_ticket(471)
>   ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type)
> [2010/02/04 11:13:55,  1] smbd/sesssetup.c:reply_spnego_kerberos(350)
>   Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
> [2010/02/04 11:13:55,  3] smbd/error.c:error_packet_set(61)
>   error packet at smbd/sesssetup.c(352) cmd=115 (SMBsesssetupX)
> NT_STATUS_LOGON_FAILURE
> [2010/02/04 11:13:55,  3] smbd/process.c:smbd_process(1930)
>   receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
> [2010/02/04 11:13:55,  3] smbd/sec_ctx.c:set_sec_ctx(324)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2010/02/04 11:13:55,  3] smbd/connection.c:yield_connection(31)
>   Yielding connection to
> [2010/02/04 11:13:55,  3] smbd/server.c:exit_server_common(971)
>   Server exit (normal exit)