000031471 - WinRM 401 error "does not map to a Kerberos realm" is reported on an RSA Security Analytics Log Collector

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support on Jun 11, 2019.
Version 3

Article Content

Article Number: 000031471
Applies To: RSA Product Set: Security Analytics
RSA Product/Service Type: Log Collector, Security Analytics Server
RSA Version/Condition: 10.X
Platform: CentOS
O/S Version: EL6
Issue: WinRM fails for most domains, and a repeated 401 error is observed in the /var/log/messages file on the Log Collector.

The error message "does not map to a Kerberos realm" also appears in the /var/lib/netwitness/uax/logs/sa.log file on the Security Analytics server appliance.
Cause: This error indicates a communication failure to port 88 on the Kerberos authentication ticketing host.
This may be due to a firewall, routing, or other base network communication failure.
Resolution: Be certain to open port 88 to the Kerberos authentication ticketing host, and ensure that base network communications to the Kerberos ticketing host and the Log Collector are open.
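
One way to check this from the Log Collector, as an added example (not RSA-supplied code): the script below probes TCP port 88 on each Kerberos host name given as an argument and separates a timeout, typical of a firewall drop or routing problem, from an immediate failure. The function names, the 5-second timeout and the host names passed in are assumptions; it needs bash and the coreutils timeout command.

```bash
#!/bin/bash
# Added diagnostic example, not RSA-supplied code. Run it on the Log Collector:
#   ./probe_kdc.sh <kdc-host> [<kdc-host> ...]
# KDC host names come from the operator; none are taken from the article.
# Only TCP is probed; Kerberos also uses UDP 88, which this cannot test.

KDC_PORT=88
TIMEOUT_SECS=5   # assumed value

# Try one TCP connection and print its state:
#   open    - handshake completed
#   timeout - no answer within TIMEOUT_SECS
#   failed  - refused, unreachable, or the name did not resolve
# Returns 0 only for "open".
probe_kdc() {
    local host="$1" port="${2:-$KDC_PORT}" rc=0
    timeout "$TIMEOUT_SECS" bash -c 'exec 3<>"/dev/tcp/$0/$1"' \
        "$host" "$port" 2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;
        124) echo timeout; return 1 ;;
        *)   echo failed;  return 1 ;;
    esac
}

# Map a probe state to where to look next.
hint_for() {
    case $1 in
        open)    echo "port reachable" ;;
        timeout) echo "check firewall rules and routing toward the KDC" ;;
        *)       echo "check the host name and that the host listens on the port" ;;
    esac
}

# Probe every host given; return non-zero if any is not "open".
check_all() {
    local kdc state status=0
    for kdc in "$@"; do
        state=$(probe_kdc "$kdc") || status=1
        printf '%s:%s/tcp %s (%s)\n' "$kdc" "$KDC_PORT" "$state" "$(hint_for "$state")"
    done
    return "$status"
}

check_all "$@"
```
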