Director Error “Cannot retrieve the data.” for all data when pointing to a specific DDC

Director Error “Cannot retrieve the data.” for all data when pointing to a specific DDC

book

Article ID: CTX225294

calendar_today

Updated On:

Description

Director not showing any data when pointing to a specific DDC with error "Cannot retrieve the data".

User-added image
 

Environment

Citrix is not responsible for and does not endorse or accept any responsibility for the contents or your use of these third party Web sites. Citrix is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement by Citrix of the linked Web site. It is your responsibility to take precautions to ensure that whatever Web site you use is free of viruses or other harmful items.

Resolution

Follow the below steps to remove the duplicate SPN's

To identify the duplicate SPN:


1.       Log on to the DDC which has the problem.
2.       Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
3.       If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
4.       Type setspn -X or csvde -f  C:\Temp\spn.csv -d ” dc=domain,dc=in” -r “(ServicePrincipalName=*computer_name*)” -l “cn” (Above command will return all the object which contain servername on ServicePrincipalName attribute on domain.in Domain).
5.       The output of this command will show the duplicate SPNs.
6.       Use the following procedure to remove one of the duplicate SPNs.

 

To remove an SPN:


1.       Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
2.       If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3.       Type setspn -D<SPN> <computer_name>, where SPN is the name of the duplicate SPN and computer_name is the name of the computer that is assigned the duplicate SPN.

Problem Cause

The issue was caused because of the Duplicate SPN for the DDC computer name for http because of which the authentication was failing.
In the Wireshark traces you will see the Kerberos error "KRB5KRB_AP_ERR_MODIFIED"

User-added image

 

Issue/Introduction

Director not showing any data when pointing to a specific DDC with error "Cannot retrieve the data"
Powered by Wolken Software