AppFabric caching exception: The target principal name is incorrect.

Question

Now, there are two computers, one for server(hostname: server01), one for client. I installed AppFabric service in server computer, and installed AppFabric client in client computer. I configured server AppFabric in server computer, and I selected SQL for the Caching Service configuration provider, account is domain account. Then I ran PowerShell to start-cachehost, and new –cache –cachename default. It all succeeded.
At last , I download the demo project (Contention), run in client computer to operate cache in server cache.

// Configure Cache Client When loading form 
        private void ContentionDemo_Load(object sender, EventArgs e)
        {
            try
            {
                //Array for the Cache Host
                List<DataCacheServerEndpoint> servers = new List<DataCacheServerEndpoint>(1);
                //Cache Host Details 
                servers.Add(new DataCacheServerEndpoint("server01", 22233));
                //Create cache configuration with disabled local cache (default) on the just added server
                DataCacheFactoryConfiguration configuration = new DataCacheFactoryConfiguration();
                configuration.Servers = servers;
                configuration.LocalCacheProperties = new DataCacheLocalCacheProperties();
                //Create the Non local cache cacheFactory constructor
                myCacheFactory = new DataCacheFactory(configuration);
                //Create the local cache cacheFactory constructor, kept for 5 min.
                configuration.LocalCacheProperties = new DataCacheLocalCacheProperties(1000, new TimeSpan(0, 5, 0),
                                                                DataCacheLocalCacheInvalidationPolicy.TimeoutBased);
                myCacheFactory_LC = new DataCacheFactory(configuration);
                //Get tje reference cache "default"
                myDefaultCache = myCacheFactory.GetDefaultCache();
                //Minimize exception messages
                DataCacheClientLogManager.ChangeLogLevel(System.Diagnostics.TraceLevel.Off);
            }
            catch (System.Exception ex)
            {
                tStatus.Text = ex.ToString();
            }
        }

It throwed exception:
A call to SSPI failed    innerception: The target principal name is incorrect.

If I change the code to:

servers.Add(new DataCacheServerEndpoint("localhost", 22233));

and run this windows app on the same server that I install AppFabric, no problem at all. the problem only happened on the client side.

thanks for any help.

Answer 1

2 questions,

Does server01 resolve from the client ? Do a ping to check that

Also did you grant access to your user using Grant-CacheAllowedClientAccount

http://msdn.microsoft.com/en-us/library/ff428172%28v=ws.10%29.aspx ?

Answer 2

thanks for the reply.

the ping is ok. and I know I should use Grant-CacheAllowedClientAccount to grant access to the user, but I'm not sure which user I should grant, since I login as domain\administrator on server02 and run a windows app to connect server01, so I grant access to domain\administrator, and I also try to use asp.net application to connect, I believe the asp.net web app using default application pool account, so I also grant access domain\server02$.

I also tried grant access to other users, but still get this error.

do I need to setup a SPN (Service Principal Name) on any domain user?

Answer 3

I'm facing the same issue.

The System event log on the cache client says:

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server xy9t0173. The target name used was host/server074. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (DEV.LOCAL) is different from the client domain (DEV.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

xy9t0173 is a domain (service) user account.

Edit: This error occured as soon as I switched from NETWORK SERVICE to a dedicated domain user account.

Answer 4

Have you ever fix this?

I'm facing the same issue, I don't want the Appfabric service to run as NETWORK SERVICE.

Answer 5

The fix is here guys...

http://blogs.msdn.com/b/distributedservices/archive/2012/10/29/authenticationexception-in-appfabric-1-1-caching-for-windows-server.aspx

Answer 6

The fix is here guys...

http://blogs.msdn.com/b/distributedservices/archive/2012/10/29/authenticationexception-in-appfabric-1-1-caching-for-windows-server.aspx

That didn't fix it for me.

I had to register the SPN's of the AppFabric server like this:

hostname/HOST

hostname.domainname.local/HOST