Home
  •  

Kerberos unkown error

AP.Remote.Access.Monitor.DA_KERB_HEURISTIC_UNKNOWN (UnitMonitor)

Knowledge Base article:

Summary

Unknown Kerberos Error.

Possible Causes

1. The certificate has been removed from the computer store.

2. The certificate has expired.

3. The certificate binding has been changed by another process or application.

4. Port 443 or the HTTPS protocol is blocked on the Remote Access server.

5. Port 88 or 464 is blocked on the Remote Access server.

6. The kpssvc service was stopped.

7. The service stopped responding.

Resolutions

1. Ensure that a valid certificate exists in the machine store.

2. Ensure that the certificate is not expired.

3. Renew the expired certificate.

4. Ensure the certificate binding has not been modified.

5. If you bind port 443 with another certificate for use with a different application, ensure that DirectAccess is configured to use the same certificate binding as that application.

6. Ensure that port 443 and the HTTPS protocol are not blocked.

7. Ensure that Port 88 and port 464 is not blocked on the Remote Access server, or on domain controllers.

8. The service will start automatically, or it can be restarted manually.

Element properties:

TargetAP.Remote.Access.Class.Kerberos
Parent MonitorSystem.Health.AvailabilityState
CategoryCustom
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeAP.Remote.Access.Monitor.HeuristicMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Kerberos uknown error

Error Description - {0}
Error Cause - {1}
Error Resolution - {2}
RunAsDefault

Source Code:

<UnitMonitor ID="AP.Remote.Access.Monitor.DA_KERB_HEURISTIC_UNKNOWN" Accessibility="Public" Enabled="true" Target="AP.Remote.Access.Class.Kerberos" ParentMonitorID="Health!System.Health.AvailabilityState" Remotable="true" Priority="Normal" TypeID="AP.Remote.Access.Monitor.HeuristicMonitorType" ConfirmDelivery="true">

  <Category>Custom</Category>

  <AlertSettings AlertMessage="AP.Remote.Access.Monitor.DA_KERB_HEURISTIC_UNKNOWN_AlertMessageResourceID">

    <AlertOnState>Warning</AlertOnState>

    <AutoResolve>true</AutoResolve>

    <AlertPriority>Normal</AlertPriority>

    <AlertSeverity>Error</AlertSeverity>

    <AlertParameters>

      <AlertParameter1>$Data/Context/DataItem/Property[@Name='ErrorDesc']$</AlertParameter1>

      <AlertParameter2>$Data/Context/DataItem/Property[@Name='ErrorCause']$</AlertParameter2>

      <AlertParameter3>$Data/Context/DataItem/Property[@Name='ErrorResolution']$</AlertParameter3>

    </AlertParameters>

  </AlertSettings>

  <OperationalStates>

    <OperationalState ID="DA_KERB_HEURISTIC_UNKNOWN_Error" MonitorTypeStateID="Error" HealthState="Error"/>

    <OperationalState ID="DA_KERB_HEURISTIC_UNKNOWN_Warning" MonitorTypeStateID="Warning" HealthState="Warning"/>

    <OperationalState ID="DA_KERB_HEURISTIC_UNKNOWN_Success" MonitorTypeStateID="Healthy" HealthState="Success"/>

  </OperationalStates>

  <Configuration>

    <Interval>300</Interval>

    <SyncTime/>

    <ComponentName>Kerberos</ComponentName>

    <HeuristicId>2148139008</HeuristicId>

    <Debug>false</Debug>

  </Configuration>

</UnitMonitor>