This section explains the error messages displayed in the Directory Services Trace (DSTrace).
There are a number of possible causes for this error.
Possible Cause: The replay cache is not found.
Action: This is specific to Windows. Check whether the /tmp/rc directory exists under the directory specified by the hkey_local_machine\software\novell\kerberos\1.0\krb5-config\directory registry key.
If not, manually create it.
Possible Cause: The system time between the hosts are not synchronized.
Action: Synchronize the time between the NMAS Client host, the NMAS Server host, and the KDC host.
Possible Cause: The key, the key version, or the key type of the eDirectory service principal in eDirectory and in the KDC might be different.
Action: Perform the procedure given in Extracting the Key of the Service Principal for eDirectory and Setting a Password for the Kerberos Service Principal.
Explanation: The Kerberos Login Method for NMAS failed to acquire the required system resources.
Possible Cause: The memory available is not sufficient.
Action: Ensure that the other processes running on the system are not consuming excess memory.
Possible Cause: The Realm object does not exist under the Kerberos Security container.
Action: Create a Realm object for the required realm. For more information, refer to Creating a New Realm Object.
Possible Cause: The required attributes are not available for the Realm object.
Action: Add the required attributes to the Realm object. For more information, refer to Creating a New Realm Object.
Possible Cause: The eDirectory service principal key might be corrupted.
Action: Perform the procedure mentioned under Creating a Service Principal Object in eDirectory.
Possible Cause: The service principal object might not be present in the eDirectory server.
Action: Perform the procedure mentioned under Creating a Service Principal Object in eDirectory.
Possible Cause: The eDirectory service principal key might not be present in the service principal object on the eDirectory server.
Action: Perform the procedure mentioned under Creating a Service Principal Object in eDirectory.
Possible Cause: The eDirectory service principal key might be corrupted.
Action: Perform the procedure mentioned under Creating a Service Principal Object in eDirectory.
Possible Cause: The realm's master key is corrupted.
Action: Delete the realm and create it again with the master password. Ensure that the master password is the same as the one specified previously while creating the realm.
Possible Cause: The treename is specified in lower case in the eDirectory service principal name.
Action: Refer to Creating a Service Principal for eDirectory.
Possible Cause: The registry entry hkey_local_machine\software\novell\kerberos\1.0\krb5-config\directory registry key is missing.
Action: You must manually create the registry key and its value must be an existing directory. For example: C:\Novell\NDS\