Skip to content
  • There are no suggestions because the search field is empty.

WinRM 401 error does not map to a Kerberos realm is reported on an RSA Security Analytics Log Collector

Issue

WinRM fails for most domains, and a repeated 401 error is observed in the /var/log/messages file on the Log Collector.

The error message "does not map to a Kerberos realm" also appears in the /var/lib/netwitness/uax/logs/sa.log file on the Security Analytics server appliance.

Cause

This error indicates a communication failure to port 88 on the Kerberos authentication ticketing host.  
This may be  due to a firewall, routing or other base network failure in communication.

Resolution

Be certain to open port 88 to the Kerberos authentication ticket host, and ensure that base network communications to the Kerberos ticketing host and the Log Collector are open.


Product Details

RSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector, Security Analytics Server
RSA Version/Condition: 10.X
Platform: CentOS
O/S Version: EL6

Summary

This article addresses an issue where repeated error messages stating 401 does not map to a Kerberos realm errors are seen.


Approval Reviewer Queue

RSA NetWitness Suite Approval Queue