Cloud Kerberos – Failed to read secrets from the domain
Hi all,
Apologies if this is the wrong place to post this!
I am looking at understanding Cloud Kerberos and the uses behind it, primarily for WHfB for now. Following the guide on the Microsoft page, I get an error when running on the DC
Passwordless security key sign-in to on-premises resources – Microsoft Entra ID | Microsoft Learn
Set-AzureADKerberosServer : Failed to read secrets from the domain TWLAB.LOCAL.
The lab environment has 2 DCs at different sites but replicate between each other without issue.
The process creates an entry in AD but when I run the command below (GA details is an address, just changed for the forum post)
Get-AzureADKerberosServer -Domain $domain -UserPrincipalName "GA details" -DomainCredential $domainCred
I get the output below…
Id : 16451
UserAccount : CN=krbtgt_AzureAD,CN=Users,DC=DOMAIN,DC=LOCAL
ComputerAccount : CN=AzureADKerberos,OU=Domain Controllers,DC=DOMAIN,DC=LOCAL
DisplayName : krbtgt_16451
DomainDnsName : DOMAIN.LOCAL
KeyVersion : 1598799
KeyUpdatedOn : 27/07/2024 06:41:15
KeyUpdatedFrom : PDC.DOMAIN.LOCAL
CloudDisplayName :
CloudDomainDnsName :
CloudId :
CloudKeyVersion :
CloudKeyUpdatedOn :
CloudTrustDisplay :
Can you advise why the secrets aren’t being found and the cloud information not populated?
This is a lab environment so if needed, we can get a bit rough with it.
Any help would be welcomed.
Kind regards
Tom