Ad Widget

Collapse

No Kerberos credentials available

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Cameron94
    Junior Member
    • Apr 2021
    • 14
    #1

    No Kerberos credentials available

    Dear Members,

    I have encountered a problem which I did not have with zabbix 5.0. Currently I am using CentOS8 with Zabbix 5.4 latest version and I want to setup Email with Exchange 2019. The problem is even though every configuration is the same that ran smootly with zabbix 5.0, now I can not send email and this is the log from zabbix. changing the port and authentication type is not an option for me. Please Let me know if anybody have had the same problem.



    2216205:20210816:114653.814 zbx_ipc_socket_read() code:1100 size:202 data:13 00 00 00 00 00 00 00 | 04 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00 | 15 00 00 00 6b 2e 61 73 | 68 74 61 72 69 40 65 72 | 6e 79 6b 61 2e 63 6f 6d | 00 0d 00 00 00 54 65 73 | 74 20 73 75 62 6a 65 63 | 74 00 25 00 00 00 54 68 | 69 73 20 69 73 20 74 68 | 65 20 74 65 73 74 20 6d | 65 73 73 61 67 65 20 66 | 72 6f 6d 20 5a 61 62 62 | 69 78 00 10 00 00 00 6d | 61 69 6c 2e 65 72 6e 79 | 6b 61 2e 63 6f 6d 00 4b
    2216205:20210816:114653.814 End of zbx_ipc_socket_read():SUCCEED
    2216205:20210816:114653.814 In send_email() smtp_server:'mail.******.com' smtp_port:587 smtp_security:1 smtp_authentication:1
    2216205:20210816:114653.814 * Trying 172.22.1.15...
    2216205:20210816:114653.814 * TCP_NODELAY set
    2216205:20210816:114653.815 * Connected to mail.*****.com (172.22.1.15) port 587 (#0)
    2216205:20210816:114653.816 < 220 KM-Exch1.******.com Microsoft ESMTP MAIL Service ready at Mon, 16 Aug 2021 11:46:21 +0430
    2216205:20210816:114653.816 > EHLO zabbix
    2216205:20210816:114653.817 < 250-KM-Exch1.******.com Hello [172.22.5.10]
    2216205:20210816:114653.817 < 250-SIZE 37748736
    2216205:20210816:114653.817 < 250-PIPELINING
    2216205:20210816:114653.817 < 250-DSN
    2216205:20210816:114653.817 < 250-ENHANCEDSTATUSCODES
    2216205:20210816:114653.817 < 250-STARTTLS
    2216205:20210816:114653.817 < 250-AUTH GSSAPI NTLM
    2216205:20210816:114653.817 < 250-8BITMIME
    2216205:20210816:114653.817 < 250-BINARYMIME
    2216205:20210816:114653.817 < 250-CHUNKING
    2216205:20210816:114653.817 < 250 SMTPUTF8
    2216205:20210816:114653.817 > STARTTLS
    2216205:20210816:114653.818 < 220 2.0.0 SMTP server ready
    2216205:20210816:114653.830 * successfully set certificate verify locations:
    2216205:20210816:114653.830 * CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
    2216205:20210816:114653.830 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    2216205:20210816:114653.833 * TLSv1.3 (IN), TLS handshake, Server hello (2):
    2216205:20210816:114653.833 * TLSv1.2 (IN), TLS handshake, Certificate (11):
    2216205:20210816:114653.833 * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    2216205:20210816:114653.833 * TLSv1.2 (IN), TLS handshake, Server finished (14):
    2216205:20210816:114653.835 * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    2216205:20210816:114653.835 * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
    2216205:20210816:114653.835 * TLSv1.2 (OUT), TLS handshake, Finished (20):
    2216205:20210816:114653.838 * TLSv1.2 (IN), TLS handshake, Finished (20):
    2216205:20210816:114653.838 * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    2216205:20210816:114653.838 * Server certificate:
    2216205:20210816:114653.838 * subject: CN=KM-Exch1
    2216205:20210816:114653.838 * start date: Jul 28 15:29:20 2021 GMT
    2216205:20210816:114653.838 * expire date: Jul 28 15:29:20 2026 GMT
    2216205:20210816:114653.838 * issuer: CN=KM-Exch1
    2216205:20210816:114653.838 * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
    2216205:20210816:114653.838 > EHLO zabbix
    2216205:20210816:114653.838 < 250-KM-Exch1.******.com Hello [172.22.5.10]
    2216205:20210816:114653.838 < 250-SIZE 37748736
    2216205:20210816:114653.838 < 250-PIPELINING
    2216205:20210816:114653.838 < 250-DSN
    2216205:20210816:114653.838 < 250-ENHANCEDSTATUSCODES
    2216205:20210816:114653.838 < 250-AUTH GSSAPI NTLM LOGIN
    2216205:20210816:114653.838 < 250-8BITMIME
    2216205:20210816:114653.838 < 250-BINARYMIME
    2216205:20210816:114653.838 < 250-CHUNKING
    2216205:20210816:114653.838 < 250 SMTPUTF8
    2216205:20210816:114653.838 > AUTH GSSAPI
    2216205:20210816:114653.839 < 334 GSSAPI supported
    2216205:20210816:114653.843 * gss_init_sec_context() failed: No Kerberos credentials available (default cache: KCM).
    2216205:20210816:114653.843 * Closing connection 0
    2216205:20210816:114653.843 * TLSv1.2 (OUT), TLS alert, close notify (256):
    2216205:20210816:114653.844 failed to send email: Failure when receiving data from the peer
    2216205:20210816:114653.844 End of send_email():FAIL
    2216205:20210816:114653.844 In zbx_ipc_socket_write()
    2216205:20210816:114653.844 End of zbx_ipc_socket_write():SUCCEED
    2216205:20210816:114653.844 zbx_setproctitle() title:'alerter #3 [sent 0, failed 0 alerts, idle 75.268759 sec during 75.330811 sec]'
    2216205:20210816:114653.844 In zbx_ipc_socket_read()
    Tags: None
    • Cameron94
      Junior Member
      • Apr 2021
      • 14
      #2
      Dear Members,

      my problem is not resolved yet. I would really appreciate your comment.

      Kind Regards

        Comment

        • tim.mooney
          Senior Member
          • Dec 2012
          • 1427
          #3
          Was the Zabbix 5.0 install where this worked on a different server, or an older OS?

          If the answer to that is "yes", was the different server or older OS install a member of your Active Directory domain?

            Comment

            • Cameron94
              Junior Member
              • Apr 2021
              • 14
              #4
              Dear Tim,

              Thanks a lot for your reply.
              My previous installation was on a CentOs 7 with Zabbix 5.0 and that system was not a member of my Active Directory domain.

                Comment

                • xaban
                  Junior Member
                  • Aug 2021
                  • 4
                  #5
                  I don't think it is related, but you could give it a try.

                  What is the current crypto policy?

                  update-crypto-policies --show

                  If DEFAULT/FIPS/FUTURE, try to change it to LEGACY.

                  update-crypto-policies --set LEGACY

                  Reboot your machine and check if same problem is still present.

                    Comment

                    • Cameron94
                      #5.1
                      Cameron94 commented
                      02-09-2021, 05:56
                      Editing a comment
                      Thanks for your help. Unfortunately it didn't work.
                    • cyber
                      Senior Member
                      Zabbix Certified SpecialistZabbix Certified Professional
                      • Dec 2006
                      • 4806
                      #6
                      2216205:20210816:114653.838 > AUTH GSSAPI
                      2216205:20210816:114653.839 2216205:20210816:114653.843 * gss_init_sec_context() failed: No Kerberos credentials available (default cache: KCM).
                      2216205:20210816:114653.843 * Closing connection 0
                      I don't think its the issue of Zabbix but the secure connection config of your server... try to compare it to old one...All the openssl stuff etc...
                      Log shows, that your exchange answers and then upgrades connection to TLS and that is where things go wrong...

                        Comment

                        Previous template Next
                        Working...