InitializeSecurityContext failed with SEC_E_DOWNGRADE_DETECTED

0

I have a question. There's a client and server apps. Client connects to server using kerberos authentication, the client need to retrieve a token from the server - it invokes InitializeSecurityContext function of SSPI API (https://docs.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-initializesecuritycontexta).

The InitializeSecurityContext function invocation failes with SEC_E_DOWNGRADE_DETECTED exception (message: The system cannot contact a domain controller to service the authentication request. Please try again later. https://docs.microsoft.com/en-us/windows/win32/com/com-error-codes-4)

The client machine is in Windows domain, the user is in this domain, it's possible to ping the domain and all its controllers. The domain is also displayed for a network adapter (vtm.local domain). network adapters

Could you help me? What's the reason of the problem? Why is SEC_E_DOWNGRADE_DETECTED?

Thanks.

wazz

Posted 2019-09-05T08:29:13.417

Reputation: 103

1Could you check the communication between client and KDC using Wireshark? – user1686 – 2019-09-05T08:32:43.743

@grawity, thank you for you question. I will check it. – wazz – 2019-09-05T08:57:19.597

Answers

0

It was my fault. The InitializeSecurityContext function was invoked with incorrect target principal. It was obvious after monitoring tcp connection between client and domain controller by wireshark tool.

wazz

Posted 2019-09-05T08:29:13.417

Reputation: 103

Asked: 2019-09-05T08:29:13.417

Viewed: 74 times

Active: 2019-09-10T12:53:37.967