Mailing List Message #98823
From: Mark Romen <>
Subject: Kerberos Problems
Date: Wed, 11 Nov 2009 16:03:18 +0100
To: <>
X-Mailer: CommuniGate Pro MAPI Connector



I’m trying to authenticate my Outlook users using Kerberos. The goal would be an Outlook that has no need to change the password when a user password is changed in Active Directory.

I’ve exported the Kerberos key on the domain controller of my active directory and imported it into CGP.

Basically I followed the steps described on


On CGP I’ve enabled external authentication, which authenticates my users in Active Directory using RADIUS (which is working).

The problem is that when I enable Windows integrated Authentication on Outlook I get “Aquiring credentials failed [0x80090303]”


In my AD event log I get an entry


Successful Network Logon:
    User Name:               DOMAINTESTER$
    Domain:                  <domain-netbiosname>
    Logon ID:                (0x0,0x10F09C6)
    Logon Type:              3
    Logon Process:           Kerberos
    Authentication Package:  Kerberos
    Workstation Name:
    Logon GUID:              {bdd37a50-17df-5275-d112-d024f2ad82e8}
    Caller User Name:        -
    Caller Domain:           -
    Caller Logon ID:         -
    Caller Process ID:       -
    Transited Services:      -
    Source Network Address:
    Source Port:             0


DOMAINTESTER$ is the name of the client computer that executes Outlook.


I’ve exported the key as follows:

C:\Documents and Settings\Administrator\Desktop>ktpass -princ imap/MAILDOMAIN.TLD@ADDOMAIN.TLD -mapuser DOMAIN-NETBIOSNAME\cgatepro -pass PASS -out -crypto DES-CBC-MD5 -ptype KRB5_NT_SRV_HST
Targeting domain controller: DC.ADDOMAIN.TLD
Using legacy password setting method
Successfully mapped imap/MAILDOMAIN.TLD to cgatepro.
WARNING: pType and account type do not match. This might cause  problems.
Key created.
Output keytab to
Keytab version: 0x502
keysize 52 imap/MAILDOMAIN.TLD@ADDOMAIN.TLD ptype 3 (KRB5_NT_SRV_HST) vno 3 etype 0x3 (DES-CBC-MD5) keylength 8 (0xc454c18ad398cd62)




I have no idea what the problem could be :-/

Any hints?
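
Added example, not part of the original message: a minimal reader for the version 0x502 keytab layout named in the ktpass output above. It lists each entry's principal, ptype, vno and etype without printing key bytes, and flags single-DES types such as DES-CBC-MD5 (deprecated by RFC 6649). The sample entry and its all-zero key are constructed, and the field layout is assumed to follow the MIT keytab file format.

```python
import struct

ETYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 17: "AES128-CTS-HMAC-SHA1-96",
          18: "AES256-CTS-HMAC-SHA1-96", 23: "RC4-HMAC"}
WEAK_ETYPES = {1, 2, 3}  # single-DES etypes, deprecated by RFC 6649

def _counted(buf, pos):
    """Read a 16-bit length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode(), pos + 2 + n

def parse_keytab(data):
    """List the entries of a version 0x502 keytab without exposing key bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            name, p = _counted(data, p)
            comps.append(name)
        ptype, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", data, p)
        p += 13 + klen                     # skip the fixed fields and the key
        if end - p >= 4:                   # optional 32-bit vno trailer
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append({"principal": "/".join(comps) + "@" + realm,
                        "ptype": ptype, "kvno": kvno, "keylength": klen,
                        "etype": ETYPES.get(etype, hex(etype)),
                        "weak": etype in WEAK_ETYPES})
        pos = end
    return entries

def sample_keytab():
    """Constructed sample: one entry shaped like the ktpass output, dummy key."""
    s = lambda t: struct.pack(">H", len(t)) + t
    body = (struct.pack(">H", 2) + s(b"ADDOMAIN.TLD") + s(b"imap") +
            s(b"MAILDOMAIN.TLD") + struct.pack(">IIBHH", 3, 0, 3, 3, 8) + bytes(8))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

if __name__ == "__main__":
    for entry in parse_keytab(sample_keytab()):
        print(entry)
```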



