0

I am trying to generate a keytab file using the instructions online here. No matter what I do, whether I run this on a domain controller, a member server, in PowerShell as administrator, in cmd as administrator, I get the same error:

ktpass /out app1.keytab /princ http/adtrml0.ml.test@ml.test /mapuser mlservice /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /pass myP@ssword477 /target adtrml0.ml.test

Using legacy password setting method
FAIL: ldap_open failed for default server: 0x3a.

I cannot seem to find any information online about this error.

I even tried creating a fresh domain with a single DC and running this on the new DC right after promoting it, and I still get this error.

Any idea what this is all about and how I can address it?

tacos_tacos_tacos

2 Answers

0

Believe it or not, the problem was a misconfigured subnet mask!

My subnet mask was too big for the subnet. After changing it to the appropriate size, all the commands that were failing passed.

tacos_tacos_tacos
0

From the instructions you referred to, it says:

/target is used to indicate which domain controller will be queried (it is optional, but can be useful if you have more than one domain in your forest)

I guess the argument you supplied for /target is the web server domain name, adtrml0.ml.test.

It should be the valid domain controller name of the AD Server. Example: dc1.company.com
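
The two answers point at two things worth checking before running ktpass: that the /target value is really a domain controller, and that this machine can reach it over LDAP with a sensible local address and mask. The PowerShell below is an added example, not part of either answer; `Test-KtpassTarget` is a hypothetical helper name, and the domain and host names are the ones from the question.

```powershell
# Added example: pre-flight checks before running ktpass with /target.
# Test-KtpassTarget is a hypothetical helper name; the values passed at the
# bottom are the ones shown in the question.
function Test-KtpassTarget {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [Parameter(Mandatory)] [string] $Target
    )

    # 1. Domain controllers register SRV records under _msdcs; list them.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
    $dcs = $srv.NameTarget | ForEach-Object { $_.TrimEnd('.').ToLower() }

    # 2. Is the /target value one of those domain controllers?
    $isDc = $dcs -contains $Target.TrimEnd('.').ToLower()

    # 3. Can this machine open a TCP connection to LDAP (389) on the target?
    $tcp = Test-NetConnection -ComputerName $Target -Port 389 -WarningAction SilentlyContinue

    # 4. Local IPv4 addresses with prefix length, so the mask can be compared
    #    against the subnet the network is actually configured with.
    $local = Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.IPAddress -ne '127.0.0.1' } |
        ForEach-Object { "$($_.InterfaceAlias): $($_.IPAddress)/$($_.PrefixLength)" }

    [pscustomobject]@{
        Target            = $Target
        DomainControllers = $dcs
        TargetIsDc        = $isDc
        LdapReachable     = $tcp.TcpTestSucceeded
        RemoteAddress     = $tcp.RemoteAddress
        LocalAddresses    = $local
    }
}

Test-KtpassTarget -Domain 'ml.test' -Target 'adtrml0.ml.test' | Format-List
```

If `TargetIsDc` is false, the /target value is not a domain controller for that domain; if `LdapReachable` is false, compare the prefix lengths under `LocalAddresses` with the subnet the network actually uses.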