A.2. UI Connection Problems
If negotiate authentication is not working, turn on verbose logging for the authentication process to help diagnose the issue:
- Close all browser windows.
- In a terminal, set the new log levels for Firefox:
export NSPR_LOG_MODULES=negotiateauth:5 export NSPR_LOG_FILE=/tmp/moz.logThis enables verbose logging and logs all information to
- Restart the browser from the same terminal window.
Some of the common error messages and workarounds are in Table A.1, “UI Error Log Messages”.
Table A.1. UI Error Log Messages
|Error Log Message||Description and Fix|
-1208550944[90039d0]: entering nsNegotiateAuth::GetNextToken() -1208550944[90039d0]: gss_init_sec_context() failed: Miscellaneous failure No credentials cache found
| There are no Kerberos tickets. Run |
-1208994096[8d683d8]: entering nsAuthGSSAPI::GetNextToken() -1208994096[8d683d8]: gss_init_sec_context() failed: Miscellaneous failure Server not found in Kerberos database
| This can occur when you have successfully obtained Kerberos tickets but are still unable to authenticate to the UI. This indicates that there is a problem with the Kerberos configuration. The first place to check is the |
.example.com = EXAMPLE.COM example.com = EXAMPLE.COM
|Nothing is in the log file.||It is possible that you are behind a proxy which is removing the HTTP headers required for negotiate authentication. Try to connect to the server using HTTPS instead, which allows the request to pass through unmodified. Then check the log file again.|