InitializeSecurityContext returns SEC_E_KDC_UNKNOWN_ETYPE

  • Question

  • I'm working on a client/server application and I've implemented single sign-on via Kerberos authentication. The code that acquires the TGT to send to the server is failing with SEC_E_KDC_UNKNOWN_ETYPE from the call to the InitializeSecurityContext API. The parameters that I'm passing are the following:

    ChkSspi(InitializeSecurityContext(&hCred,
                                      NULL,                     // Context pointer; not used for Kerberos
                                      const_cast<SEC_WCHAR*>(spn.c_str()),
                                      ISC_REQ_CONFIDENTIALITY |
                                        ISC_REQ_ALLOCATE_MEMORY,
                                      NULL,                     // Reserved
                                      SECURITY_NETWORK_DREP,    // Byte ordering
                                      NULL,                     // Context buffer; not used for Kerberos
                                      NULL,                     // Reserved
                                      &hCtxt,
                                      &outBuffDesc,
                                      &contextAttributes,
                                      &lifetime));

    This only seems to fail with a Windows 7 client. Vista (32 and 64) and XP work fine on the same network and same user account.

    Does anyone have any ideas on what I should be looking at to debug this issue?

    Thanks in advance!
    Wednesday, September 16, 2009 5:57 PM

All replies

  • Looks like the group policy for Kerberos authentication encryption types are all turned off in Windows 7 (not sure if this is true in all cases). Setting the encryption type in the policy and rebooting fixed the issue. Thanks everyone for your help!!! :-P
    Wednesday, September 16, 2009 11:11 PM
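
One way to inspect the encryption-type policy the reply describes, as an added example that is not part of the original thread. It assumes the setting meant is "Network security: Configure encryption types allowed for Kerberos", which the thread does not name; the registry path and bit values are the standard Windows ones for that setting, and `ConvertFrom-EtypeMask` is a hypothetical helper.

```powershell
# Added example (not from the thread): decode the Kerberos etype policy bitmask.
# Assumption: the policy is stored as the SupportedEncryptionTypes DWORD below.
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters'

# Bit assignments for the named encryption types in the policy value.
$EtypeBits = @(
    @{ Name = 'DES_CBC_CRC';      Bit = 0x1  },
    @{ Name = 'DES_CBC_MD5';      Bit = 0x2  },
    @{ Name = 'RC4_HMAC_MD5';     Bit = 0x4  },
    @{ Name = 'AES128_HMAC_SHA1'; Bit = 0x8  },
    @{ Name = 'AES256_HMAC_SHA1'; Bit = 0x10 }
)

function ConvertFrom-EtypeMask {
    # Return the names of the encryption types whose bit is set in $Mask.
    param([int]$Mask)
    $EtypeBits | Where-Object { $Mask -band $_.Bit } | ForEach-Object { $_.Name }
}

# Read the policy value; $null means the key or the value does not exist.
$prop = Get-ItemProperty -Path $KeyPath -Name SupportedEncryptionTypes -ErrorAction SilentlyContinue

if ($null -eq $prop) {
    'SupportedEncryptionTypes is not set by policy; the OS default etype list applies.'
} else {
    $mask    = [int]$prop.SupportedEncryptionTypes
    $enabled = @(ConvertFrom-EtypeMask -Mask $mask)
    'Policy mask: 0x{0:X}' -f $mask
    if ($enabled.Count -gt 0) {
        'Allowed etypes: ' + ($enabled -join ', ')
    } else {
        'None of the named etypes is allowed by policy.'
    }
}

# Constructed sample mask (RC4 + AES128 + AES256), decoded without touching the registry.
'Sample 0x1C decodes to: ' + ((ConvertFrom-EtypeMask -Mask 0x1C) -join ', ')
```

Comparing this output between a failing client and a working one shows whether the two machines allow a common encryption type.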