
KB-1804: dad failed to establish GSS/Kerberos context

Auditing and Monitoring Service, Authentication Service, Mac & PC Management Service

12 April,16 at 11:02 AM

Applies to: All versions of Centrify DirectAudit
dainfo --diag shows that dad is offline with the error message: Failed to establish GSS/Kerberos context
dainfo --diag
Establishing connection with dad: Success
Getting dad's online status: Offline
Getting dad's current collector:
Getting dad's offline db size: 0.00 Bytes
Getting offline database information:
Size on disk: 16.00 KB
Database filesystem usage: 3.69 GB used, 8.50 GB total, 4.80 GB free
Machine is Joined to
Pinging adclient: Available
Zone is enabled for auditing
Located collector information from Data/Centrify/Zones/test:
Attempting to connect to collectors:
Host: Port: 4444 - Error: Failed to establish GSS/Kerberos
Direct Audit is NOT enabled on the following:
Kerberos authentication is not possible for a service whose Service Principal Names (SPNs) are not set correctly. An SPN is registered in Active Directory under a user account, in an attribute called Service-Principal-Name. In other words, running the DirectAudit Collector service under an improper account will cause this issue.
You can identify the logon account for the DirectAudit Collector service with the following steps.
  1. Go to Administrative Tools -> Services.
  2. Find “Centrify DirectAudit Collector”, right-click it and select Properties.
  3. Go to the Log On tab; the logon account name is shown there.
If it is set to use “Local System Account”, it should be fine. Please contact Centrify support for further investigation.

If it is configured to use a service account or an AD user account, check that the account is valid and that the password does not expire.
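
The same logon-account check and account validation can be scripted on the collector machine. This is an added example, not Centrify's own tooling; it assumes the service display name is exactly the one shown in the steps above and that the RSAT ActiveDirectory module is installed for the Get-ADUser lookup.

```powershell
# Added example: report the logon account of the DirectAudit Collector service
# and, for a domain account, the account state this article says to check.
# Assumption: the display name below matches the one shown in the Services console.
$displayName = 'Centrify DirectAudit Collector'

$svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName = '$displayName'"
if (-not $svc) {
    throw "Service '$displayName' was not found on this machine."
}

# StartName holds the logon account: LocalSystem, DOMAIN\user, user@domain, .\user
$logon = $svc.StartName
Write-Output "Service: $($svc.Name)  State: $($svc.State)  Logon account: $logon"

if ($logon -match '^(LocalSystem|NT AUTHORITY\\.+|NT SERVICE\\.+)$') {
    Write-Output 'Built-in account: there is no AD user account or password to check.'
    return
}
if ($logon -like '.\*') {
    Write-Output 'Local machine account: it has no identity in Active Directory.'
    return
}

# Look the account up by UPN when given as user@domain, else by sAMAccountName
if ($logon -like '*@*') {
    $filter = "userPrincipalName -eq '$logon'"
} else {
    $sam = ($logon -split '\\')[-1]
    $filter = "sAMAccountName -eq '$sam'"
}

Import-Module ActiveDirectory -ErrorAction Stop
$props = 'Enabled', 'LockedOut', 'PasswordExpired', 'PasswordNeverExpires',
         'PasswordLastSet', 'ServicePrincipalNames'
$user = Get-ADUser -Filter $filter -Properties $props
if (-not $user) {
    throw "No AD user matches '$logon' (a managed service account needs Get-ADServiceAccount)."
}

# Summarise validity, password state and the SPNs registered on the account
[pscustomobject]@{
    Account              = $user.SamAccountName
    Enabled              = $user.Enabled
    LockedOut            = $user.LockedOut
    PasswordExpired      = $user.PasswordExpired
    PasswordNeverExpires = $user.PasswordNeverExpires
    PasswordLastSet      = $user.PasswordLastSet
    SPNs                 = $user.ServicePrincipalNames -join '; '
}
```

An account that is disabled, locked out or has an expired password, or that shows no SPNs, is the condition the article describes.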