We are using winrm4j for kerberos authentication to connect and run powershell command on remote windows machine. And getting the below exception. Please help.
java.lang.RuntimeException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Message stream modified (41)))
at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier.getAuthorization(AbstractSpnegoAuthSupplier.java:86)
at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:37)
at org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolicy(HTTPConduit.java:792)
at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:558)
at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139)
at com.sun.proxy.$Proxy220.create(Unknown Source)
at io.cloudsoft.winrm4j.client.WinRmClient$3.call(WinRmClient.java:805)
at io.cloudsoft.winrm4j.client.WinRmClient$3.call(WinRmClient.java:800)
at io.cloudsoft.winrm4j.client.WinRmClient.winrmCallRetryConnFailure(WinRmClient.java:897)
at io.cloudsoft.winrm4j.client.WinRmClient.doCreateService_3_InitializeClientAndService(WinRmClient.java:800)
at io.cloudsoft.winrm4j.client.WinRmClient.doCreateServiceWithReflectivelySetDelegate(WinRmClient.java:607)
at io.cloudsoft.winrm4j.client.WinRmClient.createService(WinRmClient.java:536)
at io.cloudsoft.winrm4j.client.WinRmClient.getService(WinRmClient.java:504)
at io.cloudsoft.winrm4j.client.WinRmClient.command(WinRmClient.java:318)
at io.cloudsoft.winrm4j.winrm.WinRmTool.executeCommand(WinRmTool.java:243)
at io.cloudsoft.winrm4j.winrm.WinRmTool.executePs(WinRmTool.java:258)
at **.commandexecutor.impl.WinRM4JPowershellCommandExecutor.executeCommand(WinRM4JPowershellCommandExecutor.java:61)
at **.scheduler.task.async.ExecuteCommandActionTask.checkExecuteOnVm(ExecuteCommandActionTask.java:168)
at **.scheduler.task.async.ExecuteCommandActionTask.executeCommand(ExecuteCommandActionTask.java:96)
at **.scheduler.task.async.ExecuteCommandActionTask.execute(ExecuteCommandActionTask.java:53)
at **.quartz.jobs.AsyncTaskExecuterJob.executeJob(AsyncTaskExecuterJob.java:100)
at **.quartz.jobs.AsyncTaskExecuterJob.execute(AsyncTaskExecuterJob.java:58)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573)
Caused by: GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Message stream modified (41)))
at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:454)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier$CreateServiceTicketAction.run(AbstractSpnegoAuthSupplier.java:209)
at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier$CreateServiceTicketAction.run(AbstractSpnegoAuthSupplier.java:199)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier.getToken(AbstractSpnegoAuthSupplier.java:143)
at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier.getAuthorization(AbstractSpnegoAuthSupplier.java:81)
... 30 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Message stream modified (41))
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882)
at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317)
... 38 more
Caused by: KrbException: Message stream modified (41)
at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:50)
at sun.security.krb5.KrbTgsRep.(KrbTgsRep.java:87)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
... 42 more
We are using winrm4j for kerberos authentication to connect and run powershell command on remote windows machine. And getting the below exception. Please help.
java.lang.RuntimeException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Message stream modified (41))) at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier.getAuthorization(AbstractSpnegoAuthSupplier.java:86) at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:37) at org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolicy(HTTPConduit.java:792) at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:558) at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:139) at com.sun.proxy.$Proxy220.create(Unknown Source) at io.cloudsoft.winrm4j.client.WinRmClient$3.call(WinRmClient.java:805) at io.cloudsoft.winrm4j.client.WinRmClient$3.call(WinRmClient.java:800) at io.cloudsoft.winrm4j.client.WinRmClient.winrmCallRetryConnFailure(WinRmClient.java:897) at io.cloudsoft.winrm4j.client.WinRmClient.doCreateService_3_InitializeClientAndService(WinRmClient.java:800) at io.cloudsoft.winrm4j.client.WinRmClient.doCreateServiceWithReflectivelySetDelegate(WinRmClient.java:607) at io.cloudsoft.winrm4j.client.WinRmClient.createService(WinRmClient.java:536) at io.cloudsoft.winrm4j.client.WinRmClient.getService(WinRmClient.java:504) at io.cloudsoft.winrm4j.client.WinRmClient.command(WinRmClient.java:318) at io.cloudsoft.winrm4j.winrm.WinRmTool.executeCommand(WinRmTool.java:243) at io.cloudsoft.winrm4j.winrm.WinRmTool.executePs(WinRmTool.java:258) at **.commandexecutor.impl.WinRM4JPowershellCommandExecutor.executeCommand(WinRM4JPowershellCommandExecutor.java:61) at **.scheduler.task.async.ExecuteCommandActionTask.checkExecuteOnVm(ExecuteCommandActionTask.java:168) at **.scheduler.task.async.ExecuteCommandActionTask.executeCommand(ExecuteCommandActionTask.java:96) at **.scheduler.task.async.ExecuteCommandActionTask.execute(ExecuteCommandActionTask.java:53) at **.quartz.jobs.AsyncTaskExecuterJob.executeJob(AsyncTaskExecuterJob.java:100) at **.quartz.jobs.AsyncTaskExecuterJob.execute(AsyncTaskExecuterJob.java:58) at org.quartz.core.JobRunShell.run(JobRunShell.java:202) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) Caused by: GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Message stream modified (41))) at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:454) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier$CreateServiceTicketAction.run(AbstractSpnegoAuthSupplier.java:209) at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier$CreateServiceTicketAction.run(AbstractSpnegoAuthSupplier.java:199) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier.getToken(AbstractSpnegoAuthSupplier.java:143) at org.apache.cxf.transport.http.auth.AbstractSpnegoAuthSupplier.getAuthorization(AbstractSpnegoAuthSupplier.java:81) ... 30 more Caused by: GSSException: No valid credentials provided (Mechanism level: Message stream modified (41)) at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882) at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317) ... 38 more Caused by: KrbException: Message stream modified (41) at sun.security.krb5.KrbKdcRep.check(KrbKdcRep.java:50) at sun.security.krb5.KrbTgsRep.(KrbTgsRep.java:87)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
... 42 more
Sample Krb configuration file: default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log
[libdefaults] default_realm = CEHTST.COM dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h renew_lifetime = 7d forwardable = true
[realms] UP.COM = { kdc = ABCDEF123.UP.COM admin_server = ABCDEF123.UP.COM } DOWN.COM = { kdc = ABCDEF234.DOWN.COM admin_server = ABCDEF234.DOWN.COM }
[domain_realm] .up.com = .UP.COM up.com = UP.COM
.down.com = .DOWN.COM down.com = DOWN.COM
[capaths] UP.COM = { DOWN.COM = . } DOWN.COM = { UP.COM = . }
Kinit result: [UP\cross_domain@ABCDEF123 etc]$ klist Ticket cache: FILE:/tmp/krb5cc_16777276 Default principal: cross_domain@DOWN.COM
Valid starting Expires Service principal 03/10/2020 16:30:50 03/11/2020 02:30:50 krbtgt/DOWN.COM@DOWN.COM renew until 03/17/2020 16:30:45