Skip to content

Latest commit

 

History

History
37 lines (23 loc) · 1.68 KB

expired-tickets-issue.md

File metadata and controls

37 lines (23 loc) · 1.68 KB
Raw
title description ms.date author ms.author ms.reviewer ms.custom
Kerberos tickets - KRB_AP_ERR_TKT_EXPIRED error in SQL Server
This article provides symptoms and resolution for the consistent authentication errors to SQL Server that impact Kerberos tickets.
03/13/2024
Malcolm-Stewart
mastewa
jopilov, haiyingyu, prmadhes, v-jayaramanp
sap:Connection issues

KRB_AP_ERR_TKT_EXPIRED error in Kerberos tickets

This article helps you resolve consistent authentication issues that might affect Kerberos tickets.

Kerberos is a protocol that uses secret keys for providing secure authentication for client or server applications. A ticket is issued to a user for successful authentication. Typically, Kerberos tickets have a lifetime of about 10 hours and are renewed automatically.

Symptoms

The Key Distribution Center (KDC) displays a KRB_AP_ERR_TKT_EXPIRED error message that indicates that a service has failed.

Cause

The Kerberos connection fails if a user tries to use an expired ticket for authentication. For more information, see Kerberos authentication troubleshooting guidance.

Resolution

To resolve this error, follow these steps:

  1. Use the KLIST purge command to clear user tickets, or log off and back on, or restart the computer.

  2. Use the KLIST command together with the SSPIClient tool to view and manage Kerberos tickets and service principal names (SPNs), as shown in the following command:

    KLIST GET MSSQLSvc\SQLProd01.contoso.com:1433

More information

Consistent authentication issues in SQL Server