Hello,
I have an SA2500 and an Active Directory server 2003. I have an error when the SA2500 is downloading the user count. My AD is good because my firewall can connect to it. Users are downloading...
To configure the SA2500 I use this page: http://www.juniperforum.com/index.php/topic,5170.0.html
Only part: 1. Here the configuration of Active Directory Authentication Server on IVE.
Test configuration says: "Configuration successful. No errors detected."
If Kerberos is alone, I have an error:
Error while joining domain XXXXXX. Possible causes:
- The specified administrator credentials do not properly authenticate.
- The specified domain or domain controller may not be valid.
If NTLM v2 is alone => it's ok.
But I have an error when I want to download the user count.
I want to use Kerberos, and when I do "test configuration" my SA2500 sends a packet to my AD for authentication:
SA2500 to AD - KRB5 : AS - REQ
AD to SA2500 - KRB5 : AS - REP
SA2500 to AD - KRB5 : TGS - REQ
AD to SA2500 - KRB5 : TGS - REP
it's ok... after
SA2500 to AD - KRB5 : AS - REQ
AD to SA2500 - KRB5 : KRB Error : KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN
IVE is registered in AD:
Mydomain\Computers\IVEname
And I approve for delegation "computers IVE"
Thanks for help.
Guilhem
P.S: I read RFC4120 & 6.2-IVEAdminGuide.pdf
I am not sure your AD and SSL box are taking the same time from your NTP management.
Check your NTP setting on the SSL box.
Regards,
Sandeep Lad
Take a TCP dump on the SA internal port while doing a test configuration using only Kerberos - if you see errors related to clock skew on Kerberos packets (UDP 88), there is a time sync issue between the SA and the AD server.
They have to be within 300 seconds; hopefully you can get them as close to each other as possible - best using NTP.
Thanks.
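
An added example, not part of any post above and not Juniper's code: every KRB-ERROR carries the KDC's own clock in its `stime` field (RFC 4120), so one captured error packet is enough to read the error code and measure the skew against the 300-second limit. The function names, the realm `EXAMPLE.TEST` and the sample bytes are constructed; it assumes the capture was taken on the appliance (so packet timestamps come from its clock) and that the raw UDP 88 payload has been extracted from it.

```python
from datetime import datetime, timezone

KDC_ERR_C_PRINCIPAL_UNKNOWN, KRB_AP_ERR_SKEW = 6, 37  # RFC 4120 error codes
MAX_SKEW = 300  # seconds, the tolerance quoted in the thread

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_krb_error(payload):
    """Pull error-code [6] and stime [4] (the KDC's clock) from a KRB-ERROR."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x7E:  # [APPLICATION 30]
        raise ValueError("not a KRB-ERROR")
    seq, fields, pos = read_tlv(body, 0)[1], {}, 0
    while pos < len(seq):
        tag, wrapped, pos = read_tlv(seq, pos)
        fields[tag & 0x1F] = read_tlv(wrapped, 0)[1]  # strip the [n] wrapper
    stime = datetime.strptime(fields[4].decode(), "%Y%m%d%H%M%SZ")
    return int.from_bytes(fields[6], "big", signed=True), stime.replace(tzinfo=timezone.utc)

def triage(payload, captured_at):
    """captured_at: packet timestamp from the capture, i.e. the appliance clock."""
    code, stime = parse_krb_error(payload)
    skew = abs((captured_at - stime).total_seconds())
    if code == KRB_AP_ERR_SKEW or skew > MAX_SKEW:
        return f"clock skew: {skew:.0f}s between appliance and KDC"
    if code == KDC_ERR_C_PRINCIPAL_UNKNOWN:
        return f"client principal unknown to KDC (clocks {skew:.0f}s apart)"
    return f"KRB-ERROR code {code} (clocks {skew:.0f}s apart)"

def tlv(tag, body):  # builder used only for the constructed sample below
    return bytes([tag, len(body)]) + body

def sample_error(code, stime):
    """Constructed KRB-ERROR for realm EXAMPLE.TEST (sname omitted for brevity)."""
    fields = (tlv(0xA0, tlv(0x02, b"\x05")) + tlv(0xA1, tlv(0x02, b"\x1e"))
              + tlv(0xA4, tlv(0x18, stime)) + tlv(0xA5, tlv(0x02, b"\x00"))
              + tlv(0xA6, tlv(0x02, bytes([code])))
              + tlv(0xA9, tlv(0x1B, b"EXAMPLE.TEST")))
    return tlv(0x7E, tlv(0x30, fields))

if __name__ == "__main__":
    at = datetime(2024, 1, 1, 12, 0, 20, tzinfo=timezone.utc)
    print(triage(sample_error(6, b"20240101120000Z"), at))
```

Kerberos over TCP 88 prefixes each message with a 4-byte length, which would need to be removed before calling `triage`.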