000031471 - WinRM 401 error "doesn’t map to a Kerberos realm" is reported on an RSA Security Analytics Log Collector

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 22, 2017.
Version 2

Article Content

Article Number: 000031471
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector, Security Analytics Server
RSA Version/Condition:
Platform: CentOS
O/S Version: EL6
Issue: WinRM fails for most domains, and a repeated 401 error is observed in the /var/log/messages file on the Log Collector.
The error message "doesn't map to a Kerberos realm" also appears in the /var/lib/netwitness/uax/logs/sa.log file on the Security Analytics server appliance.
Cause: This error indicates a communication failure to port 88 on the Kerberos authentication ticketing host.
This may be due to a firewall, routing or other base network failure.
Resolution: Open port 88 to the Kerberos authentication ticketing host, and ensure that base network communications to the Kerberos ticketing host and the Log Collector are open.
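
One way to confirm the resolution from the Log Collector side, as an added example that is not RSA's code: the script below attempts a TCP connection to port 88 on each Kerberos host named on the command line and separates an open port from an active refusal, a timeout and a name-resolution failure. The file name and host names in the usage comment are placeholders, and it tests TCP only; Kerberos can also use UDP 88, which this does not check.

```python
"""Added example: classify TCP reachability of port 88 on Kerberos hosts."""
from __future__ import print_function

import errno
import socket
import sys

KERBEROS_PORT = 88  # port named in the article's Cause and Resolution


def probe(host, port=KERBEROS_PORT, timeout=3.0):
    """Return (state, detail); state is open, refused, timeout, dns or error."""
    try:
        sock = socket.create_connection((host, port), timeout)
    except socket.timeout:
        # No answer at all: typical of a firewall silently dropping packets.
        return "timeout", "no reply within {0}s (filtered or misrouted)".format(timeout)
    except socket.gaierror as exc:
        return "dns", "name did not resolve: {0}".format(exc)
    except socket.error as exc:
        if exc.errno == errno.ECONNREFUSED:
            # A reset came back: the path works, but nothing accepts on the port.
            return "refused", "host reachable, port closed or rejected"
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "error", "no route to host"
        return "error", str(exc)
    sock.close()
    return "open", "TCP connection established"


def check_hosts(hosts, port=KERBEROS_PORT, timeout=3.0):
    """Probe every host and return {host: (state, detail)}."""
    return dict((h, probe(h, port, timeout)) for h in hosts)


if __name__ == "__main__":
    # Usage (placeholder names): python check_kdc.py kdc1.example.com kdc2.example.com
    results = check_hosts(sys.argv[1:])
    for host in sorted(results):
        state, detail = results[host]
        print("{0}:{1} {2} - {3}".format(host, KERBEROS_PORT, state.upper(), detail))
    # Exit 0 only when every listed host accepted the connection.
    all_open = bool(results) and all(s == "open" for s, _ in results.values())
    sys.exit(0 if all_open else 1)
```

A "timeout" result points at a firewall or routing problem on the path, while "refused" means the host was reached but did not accept connections on port 88.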