Ports required for Kerberos authentication are blocked. Kerberos authentication is required to authenticate clients using Kerberos proxy on this server. \
For clients to communicate with the proxy, firewalls must allow HTTPS traffic (port 443 by default). The Kerberos proxy must be able to send Kerberos authentication protocol traffic via port 88, and Kerberos change password protocol traffic via port 464 to domain controllers.
Ports required for Kerberos authentication are blocked. Kerberos authentication is required to authenticate clients using Kerberos proxy on this server. For clients to communicate with the proxy, firewalls must allow HTTPS traffic (port 443 by default). The Kerberos proxy must be able to send Kerberos authentication protocol traffic via port 88, and Kerberos change password protocol traffic via port 464 to domain controllers.
1. Port 443 or the HTTPS protocol is blocked on the Remote Access server.
2. Port 88 or 464 is blocked on the Remote Access server.
1. Ensure that port 443 and the HTTPS protocol are not blocked.
2. Ensure that Port 88 and port 464 is not blocked on the Remote Access server, or on domain controllers.
Target | AP.Remote.Access.Class.Kerberos | ||
Parent Monitor | System.Health.AvailabilityState | ||
Category | Custom | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | AP.Remote.Access.Monitor.HeuristicMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="AP.Remote.Access.Monitor.DA_KERB_HEURISTIC_AUTH" Accessibility="Public" Enabled="true" Target="AP.Remote.Access.Class.Kerberos" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="AP.Remote.Access.Monitor.HeuristicMonitorType" ConfirmDelivery="true">
<Category>Custom</Category>
<AlertSettings AlertMessage="AP.Remote.Access.Monitor.DA_KERB_HEURISTIC_AUTH_AlertMessageResourceID">
<AlertOnState>Warning</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1>
<AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2>
<AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="DA_KERB_HEURISTIC_AUTH_Error" MonitorTypeStateID="Error" HealthState="Error"/>
<OperationalState ID="DA_KERB_HEURISTIC_AUTH_Warning" MonitorTypeStateID="Warning" HealthState="Warning"/>
<OperationalState ID="DA_KERB_HEURISTIC_AUTH_Success" MonitorTypeStateID="Healthy" HealthState="Success"/>
</OperationalStates>
<Configuration>
<Interval>300</Interval>
<SyncTime/>
<ComponentName>Kerberos</ComponentName>
<HeuristicId>2148139010</HeuristicId>
<Debug>false</Debug>
</Configuration>
</UnitMonitor>