This appendix provides generic information about troubleshooting errors and problems.
![[Important]](images/important.png) | Important |
|---|---|
|
If you think environment and configuration is correctly setup, do double check and ask other person to check possible obvious mistakes or typos. Kerberos setup is generally very brittle and it is not always very easy to debug where the problem lies. |
GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
If you see abore error indicating missing key type, this will happen
with two different use cases. Firstly your JVM may not support
appropriate encryption type or it is disabled in your krb5.conf
file.
default_tkt_enctypes = rc4-hmac default_tgs_enctypes = rc4-hmac
Second case is less obvious and hard to track because it will lead
into same error. This specific GSSException is throws also if you
simply don’t have a required encryption key which then may be caused
by a misconfiguration in your kerberos server or a simply typo in your
principal.