Linux VDA Unregistered: Unable to obtain LDAP Login Context.


Article ID: CTX270379


Description

The Linux VDA (LVDA) fails to register with the DDC and logs the following error:

2020-03-06 10:58:17.329 [TRACE] [36] - ListOfLdapServers:
2020-03-06 10:58:17.333 [ERROR] [41] - LDAPSearch.GetKerberosAgentClientSubject: Unable to obtain LDAP Login Context for 'agent.client'. Error: Unable to obtain password from user
.
2020-03-06 10:58:17.333 [DEBUG] [41] - Exception: 
javax.security.auth.login.LoginException: Unable to obtain password from user

    at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:901)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:764)
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
    at com.citrix.cds.common.LDAPSearch.getKerberosAgentClientSubject(LDAPSearch.java:466)
    at com.citrix.cds.common.LDAPSearch.searchComputerCharacteristic(LDAPSearch.java:183)
    at com.citrix.cds.common.LDAPSearch.searchComputerSid(LDAPSearch.java:90)
    at com.citrix.cds.brokeragent.InformationManager.getLDAPComputerSID(InformationManager.java:3323)
    at com.citrix.cds.brokeragent.InformationManager.access$000(InformationManager.java:45)
    at com.citrix.cds.brokeragent.InformationManager$1.run(InformationManager.java:1650)
    at java.lang.Thread.run(Thread.java:748)
2020-03-06 10:58:17.333 [ERROR] [41] - InformationManager.GetLDAPComputerSID: Failed to query LDAP server XXXXXXX:389 for computer SID. Error: LDAP Search error: LDAPSearch.GetKerberosAgentClientSubject: Unable to obtain LDAP Login Context.
2020-03-06 10:58:17.333 [DEBUG] [41] - Exception: 
com.citrix.cds.common.LDAPSearch$LDAPSearchException: LDAP Search error: LDAPSearch.GetKerberosAgentClientSubject: Unable to obtain LDAP Login Context.
    at com.citrix.cds.common.LDAPSearch.getKerberosAgentClientSubject(LDAPSearch.java:474)
    at com.citrix.cds.common.LDAPSearch.searchComputerCharacteristic(LDAPSearch.java:183)
    at com.citrix.cds.common.LDAPSearch.searchComputerSid(LDAPSearch.java:90)
    at com.citrix.cds.brokeragent.InformationManager.getLDAPComputerSID(InformationManager.java:3323)
    at com.citrix.cds.brokeragent.InformationManager.access$000(InformationManager.java:45)
    at com.citrix.cds.brokeragent.InformationManager$1.run(InformationManager.java:1650)
    at java.lang.Thread.run(Thread.java:748)
2020-03-06 10:58:17.334 [WARN ] [36] - InformationManager.GetComputerSID: Failed to obtain computer SID from LDAP.
2020-03-06 10:58:17.334 [ERROR] [36] - InformationManager.GetComputerSID: Failed to determine Computer SID for FQDN

 

Resolution

  • Move the krb5.keytab file to another location:
mv /etc/krb5.keytab /root/ -vf
 
  • Recreate the keytab file (change the "Administrator" user to the user you use to join the machine to AD):
net ads keytab create -U Administrator
 
  • The above works for customers using Winbind. For customers using Centrify, you can try the following:
adkeytab -C -m


 

Problem Cause

LoginContext usually fails because of a Kerberos error.

In this particular situation, the error occurred because the keytab contained the wrong SPNs.
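To confirm the recreated keytab no longer carries wrong SPNs, the listing from `klist -k` can be compared against the principals the host should hold. The script below is an added example, not part of the Citrix article or product. It assumes the expected entries are the machine account (`HOST$@REALM`) and the host SPN (`host/fqdn@REALM`); the host name `VDA01`, domain `example.com` and the sample listing are constructed.

```shell
#!/bin/sh
# Added example (not Citrix code): list expected principals missing from a keytab.
# Input on stdin is `klist -k` or `klist -ke` output.

list_principals() {
    # Entry lines start with a numeric KVNO; the principal is the first
    # field containing '@' (this also skips -t timestamps).
    awk '$1 ~ /^[0-9]+$/ {
             for (i = 2; i <= NF; i++) if ($i ~ /@/) { print $i; break }
         }' | sort -u
}

missing_principals() {
    # $1 = short hostname, $2 = FQDN, $3 = Kerberos realm
    short=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    fqdn=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    realm=$3
    found=$(list_principals)
    # Assumption: the machine account and host SPN are the entries to expect.
    for want in "${short}\$@${realm}" "host/${fqdn}@${realm}"; do
        printf '%s\n' "$found" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

sample_stale_keytab() {
    # Constructed listing: the machine account entry still uses an old host name.
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   2 host/oldname.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 OLDNAME$@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 host/vda01.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
EOF
}

# Prints the one principal absent from the constructed listing.
sample_stale_keytab | missing_principals VDA01 vda01.example.com EXAMPLE.COM
```

On a VDA, pipe `klist -ke /etc/krb5.keytab` into `missing_principals` with the machine's own names after recreating the keytab; empty output means both expected entries are present.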