|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Log Collector, Security Analytics Server
RSA Version/Condition: 10.5.0.0
O/S Version: EL6
|Issue||WinRM fails for most domains, and a repeated 401 error is observed in the /var/log/messages file on the Log Collector.|
The error message "doesn't map to a Kerberos realm" also appears in the /var/lib/netwitness/uax/logs/sa.log file on the Security Analytics server appliance.
|Cause||This error indicates a communication failure to port 88 on the Kerberos authentication ticketing host. |
This may be due to a firewall, routing or other base network failure in communication.
|Resolution||Be certain to open port 88 to the Kerberos authentication ticket host, and ensure that base network communications to the Kerberos ticketing host and the Log Collector are open.|