Home
  •  

Kerberos Certificate Invalid

AP.Remote.Access.Monitor.DA_KERB_HEURISTIC_INVALID_CERT (UnitMonitor)

The certificate used for Kerberos authentication is not valid.

Knowledge Base article:

Summary

Ports required for Kerberos authentication are blocked. Kerberos authentication is required to authenticate clients using Kerberos proxy on this server. For clients to communicate with the proxy, firewalls must allow HTTPS traffic (port 443 by default). The Kerberos proxy must be able to send Kerberos authentication protocol traffic via port 88, and Kerberos change password protocol traffic via port 464 to domain controllers.

Causes

The certificate has expired.

Resolutions

1. Ensure that the certificate is not expired.

2. Renew the expired certificate.

Element properties:

TargetAP.Remote.Access.Class.Kerberos
Parent MonitorSystem.Health.ConfigurationState
CategoryCustom
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeAP.Remote.Access.Monitor.HeuristicMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Kerberos cert invalid

Error Description - {0}
Error Cause - {1}
Error Resolution - {2}
RunAsDefault

Source Code:

<UnitMonitor ID="AP.Remote.Access.Monitor.DA_KERB_HEURISTIC_INVALID_CERT" Accessibility="Public" Enabled="true" Target="AP.Remote.Access.Class.Kerberos" ParentMonitorID="Health!System.Health.ConfigurationState" Remotable="true" Priority="Normal" TypeID="AP.Remote.Access.Monitor.HeuristicMonitorType" ConfirmDelivery="true">

  <Category>Custom</Category>

  <AlertSettings AlertMessage="AP.Remote.Access.Monitor.DA_KERB_HEURISTIC_INVALID_CERT_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1>

      <AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2>

      <AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="DA_KERB_HEURISTIC_INVALID_CERT_Error" MonitorTypeStateID="Error" HealthState="Error"/>

    <OperationalState ID="DA_KERB_HEURISTIC_INVALID_CERT_Warning" MonitorTypeStateID="Warning" HealthState="Warning"/>

    <OperationalState ID="DA_KERB_HEURISTIC_INVALID_CERT_Success" MonitorTypeStateID="Healthy" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <Interval>300</Interval>

    <SyncTime/>

    <ComponentName>Kerberos</ComponentName>

    <HeuristicId>2148139011</HeuristicId>

    <Debug>false</Debug>

  </Configuration>

</UnitMonitor>