title | description | ms.date | author | ms.author | ms.reviewer | ms.custom |
---|---|---|---|---|---|---|
Kerberos tickets - KRB_AP_ERR_TKT_EXPIRED error in SQL Server |
This article provides symptoms and resolution for the consistent authentication errors to SQL Server that impact Kerberos tickets. |
03/13/2024 |
Malcolm-Stewart |
mastewa |
jopilov, haiyingyu, prmadhes, v-jayaramanp |
sap:Connection issues |
This article helps you resolve consistent authentication issues that might affect Kerberos tickets.
Kerberos is a protocol that uses secret keys for providing secure authentication for client or server applications. A ticket is issued to a user for successful authentication. Typically, Kerberos tickets have a lifetime of about 10 hours and are renewed automatically.
The Key Distribution Center (KDC) displays a KRB_AP_ERR_TKT_EXPIRED
error message that indicates that a service has failed.
The Kerberos connection fails if a user tries to use an expired ticket for authentication. For more information, see Kerberos authentication troubleshooting guidance.
To resolve this error, follow these steps:
-
Use the
KLIST purge
command to clear user tickets, or log off and back on, or restart the computer. -
Use the
KLIST
command together with the SSPIClient tool to view and manage Kerberos tickets and service principal names (SPNs), as shown in the following command:KLIST GET MSSQLSvc\SQLProd01.contoso.com:1433