KRB_AP_ERR_TKT_EXPIRED error in Kerberos tickets
This article helps you resolve consistent authentication issues that might affect Kerberos tickets.
Kerberos is a protocol that uses secret keys for providing secure authentication for client or server applications. A ticket is issued to a user for successful authentication. Typically, Kerberos tickets have a lifetime of about 10 hours and are renewed automatically.
Symptoms
The Key Distribution Center (KDC) displays a KRB_AP_ERR_TKT_EXPIRED error message that indicates that a service has failed.
Cause
The Kerberos connection fails if a user tries to use an expired ticket for authentication. For more information, see Kerberos authentication troubleshooting guidance.
Resolution
To resolve this error, follow these steps:
Use the
KLIST purgecommand to clear user tickets, or log off and back on, or restart the computer.Use the
KLISTcommand together with the SSPIClient tool to view and manage Kerberos tickets and service principal names (SPNs), as shown in the following command:KLIST GET MSSQLSvc\SQLProd01.contoso.com:1433
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for