If the eDirectory service principal key has been reset in your KDC, you must update the key for this principal in eDirectory also.
For information on extracting the key, refer to Extracting the Key of the Service Principal for eDirectory.
For information on updating the key for this principal, refer to "Setting a Password for the Kerberos Service Principal" on page 22 of the Kerberos Login Method for NMAS Administration Guide.
The Kerberos LSM error messages are displayed in the Directory Services Trace (DSTrace) or NMASMon (on NetWare only). The error messages are prefixed with NMASKRB.
For example, NMAS: 0: NMASKRB: Unable to accept the context from the eDirectory user FDN.
To capture an NMAS trace using iMonitor, DSTRACE.NLM and NMASMON.NLM, refer to How to capture an NMAS Server trace.
In iManager, click eDirectory Administration > Modify Object to open the Modify Object page.
Select Single Object, then specify the name of the server certificate object.
Click OK.
Click the Certificates tab, then select Trusted Root Certificate and view the details of the certificate.
Click Export to launch the Certificate Export Wizard.
Select the option button, depending on whether you want to export the private key or not, then click Next.
Select the File in binary DER format, then click Next.
Click Save the exported certificate to a file to save the certificate.
After you save the certificate to a file, click Close.