Active Directory Service Principle - Adaptive Applications - BlueCat Gateway - 21.1

BlueCat Distributed DDNS Administration Guide

BlueCat Gateway

Before you begin

You must configure the Kerberos Realm configuration information manually in the /etc/krb5.conf file of the Gateway instance before configuring the Active Directory Service Principle information.
  1. Log in to the console of the Gateway container.
  2. Edit the /etc/krb5.conf file by adding the following sections:
        <REALM_NAME> = {
            kdc = <kdc_address>
            admin_server = <kdc_address>
            default_domain = <domain_name>
        .<domain_name> = <REALM_NAME>
        <domain_name> = <REALM_NAME>
    The following example shows adding which belongs to Realm EXAMPLE.COM:
        EXAMPLE.COM = {
            kdc =
            admin_server =
            default_domain =
    [domain_realm] = EXAMPLE.COM = EXAMPLE.COM

  1. Click the Support signed updated from Windows (GSS-TSIG) to enable GSS-TSIG updates from Active Directory.
  2. In the Service Principal Name field, enter the Service Principal Name that is mapped to the AD account of the Distributed DDNS service for this domain. The domain account for DNS service must be created on the AD server before entering the information for this step. For more information, refer to Reference: Active Directory service configuration.
  3. In the Password field, enter the password of the Active Directory user account to which the Service Principal Name maps.
  4. In the Key Version Number field, enter the key version number (knvo) attribute of the Active Directory user account to which the Service Principal Name maps.
    Note: You can verify the knvo of the Active Directory user account using the following PowerShell command on the Active Directory server:
    get-aduser <username> -property msDS-KeyVersionNumber
  5. Click Test to verify the Service Principal Name and password against the KDC configuration in the /etc/krb5.conf file.