InitializeSecurityContext returns SEC_E_KDC_UNKNOWN_ETYPE RRS feed

  • Question

  • I'm working on a client/server application and I've implemented single-sign on via Kerberos authentication. The code that acquires the TGT to send to the server is failing with SEC_E_KDC_UNKNOWN_ETYPE from the call to the InitializeSecurityContext API. The parameters that I'm passing are the following:

                                          NULL,                     // Context pointer; not used for Kerberos
                                          ISC_REQ_CONFIDENTIALITY |
                                          NULL,                     // Reserved
                                          SECURITY_NETWORK_DREP,    // Byte ordering
                                          NULL,                     // Context buffer; not used for Kerberos
                                          NULL,                     // Reserved

    This only seems to fail with a Windows 7 client. Vista (32 and 64) and XP work fine on the same network and same user account.

    Does anyone have any ideas on what I should be looking at to debug this issue?

    Thanks in advance!
    Wednesday, September 16, 2009 5:57 PM

All replies

  • Looks like the group policy for Kerberos authentication encryption types are all turned off in Windows 7 (not sure if this is true in all cases). Setting the encryption type in the policy and rebooting fixed the issue. Thanks everyone for your help!!! :-P
    Wednesday, September 16, 2009 11:11 PM