Problem:
When configuring vRealize Log Insight for authentication with Active Directory, the following errors were displayed in the ui_runtime.log (ssh to the vRealize Log Insight appliance to check):
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
… 73 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
… 74 more
Solution:
Use Fully Qualified Domain Names (e.g. mydc1.contoso.com) for the Active Directory Domain Controller servers while configuring authentication. The above problem occurs only when using IP addresses for the Domain Controllers as Kerberos references the Domain Controllers only via their FQDNs.
