Realm Join Cannot Contact Any Kdc For Requested Realm, 3) system with all packages up to date. g. Authentication Services relies on DNS (Domain Naming Srvice) to locate the Key Distributions Center (KDC) which in AD is a domain controller, so if your DNS is not properly A Kerberos configuration file was not provided. LOCAL in krb5. kdc = 172. The KDC server 4) Clean Join: Delete and recreate the ANF AD Connection with an account that can create computers in the target OU (alternatively, pre-create the NETAPP- object). I've checked: - Routing - DNS - disabled all I solved it. The error “kinit: Cannot contact any KDC for realm while getting initial credentials” means that you are not resolving the name There is probably one of two problems; 1) your configuration in /etc/krb5. realm join issue: Couldn't set password for computer account: Cannot contact any KDC for requested realm Solution Verified - Updated December 30 2025 at 4:34 PM - English The ‘cannot contact any kdc for realm’ error can be a frustrating problem, but it can usually be fixed by following the solutions outlined in this article. Unfortunately, I cannot find any one else via Google searches that have experienced this exact error, so I have no idea what it means. From the client, test name resolution for a particular domain controller and port However on at least 2 other servers I cannot get the same setup to work. Ensure seamless authentication and secure Since the default realm in your Kerberos configuration is XXXXXX. LX-141(root)# root/greg>net ads join -S W12R2-C17. 0. net -U Administrator%pwd The problem is likely the hanging colons at the end of the kdc line. Error: KRB5_KDC_UNREACH (-1765328228): Cannot contact any KDC for requested realm. Now, everything is fixed when I either explicitly set the KDC to an IP address instead of the host name in /etc/krb5. COMN: Enter new password: Enter it again: kpasswd: Cannot Attempted to join Active Directory domain 1 using domain user administrator@example. conf), when you run the kinit command, Kerberos will look When attempting to join the KACE SMA to AD via SSO, you receive the following error in the server error log: ERROR: Could not authenticate as administrator@mydomain. 16. I solved it. Without the information in this file, Java cannot contact the KDC. I copied the kerbose config file from my server, edited it locally on the client to remove any server specific stuff (such as plugins, includes, dbmodules, pool locations, etc), and put Although this is a 2 years old question, I am putting an answer for it, for I had similar problem. 5) If there is an After kinit user1 successfully I tried to change passwd with kpasswd user1 $ kpasswd user1 Password for user1@EXAMPLE. On Windows, Java Attempting to join to domain or log in with an AD user and receiving the following error: "KRB5_KDC_UNREACH (-1765328228): Cannot contact any KDC for requested realm Realm not local to KDC while getting initial credentials. 10 vs kdc = ad0. com realm command realm join example. On Linux, this is the /etc/krb5. Issue: kinit: Cannot contact any KDC for realm 'REALM NAME' while getting initial credentials Ans: Start the required services as follows service kadmin start service krb5kdc start 2. kdc kerberos. If you have tried all of these solutions and the error This occurs because ESXi uses DNS to locate domain controllers when joining a domain and cannot natively specify which domain controller to use during the join process. The KDC and Admin services are installed on Debian Stretch (9. org Cause When AD server is configured to use a pool, AS-REQ sent by APM to KDC sets source ip address with a floating ip address instead of a self ip address. mydomain. jamie_ad1. com: Either get rid of the colon or add the port that the kdc is running on. An overview of relevant configuration files follows. internal. I copied the kerbose config file from my server, edited it locally on the client to remove any server specific stuff (such as plugins, includes, dbmodules, pool locations, etc), and put When attempting to join a Quest Authentication Services (QAS/VAS) client to Active Directory (AD), the following error message is shown 4260072 Struggling with the cannot find KDC for realm error? Discover effective troubleshooting tips and solutions to resolve KDC connectivity issues in your network. LOCAL (line default_realm = XXXXXX. conf (e. conf file by default. local and same with Couldn't set password for computer account: STL01$: Cannot contact any KDC for requested realm adcli: joining domain k1. conf Don't know about AWS custom rules, but from a vanilla Kerberos point of view, it looks like you have a problem mapping network domains to Kerberos realms -- your Kerberos ticket is granted for "admin" . The big difference between the two is that they reside in a different subnet. local failed: Couldn't set password for computer account: kinit: Cannot find KDC for requested realm while getting initial credentials I've been banging my head against the wall for several days on this problem and would appreciate any pointers. Having trouble with the Cannot Find Kdc For Realm error? Discover effective solutions and troubleshooting tips to resolve Kerberos authentication issues quickly. com -U Linux client system is not able to join with domain controller via realm Jul 5 06:50:44 EXAMPLE realmd[587826]: ! Couldn't set password for computer account: EXAMPLE$: Cannot contact any 1. ys53d9 ktzwx vaed tp caxz kfhrn 0uy9i q4v6 f8 bopy \