Cisco ASA cannot authenticate VPN clients using Kerberos

The ASA was original pointing to a Windows 2000 server for VPN authentication. The Winows 2000 server was retired and we are now running a Windows 2003 domain. The authentication server address was changed to point a different domain controller. No other changes were made. Now the logon box re-appears after users try to connect using the Cisco VPN client.
A sample from the ASA log is below
5|Jun 29 2009|09:39:44|713904|||IP = 141.158.***.***, Received encrypted packet with no matching SA, dropping
4|Jun 29 2009|09:39:44|713903|||Group = *********, Username = *******, IP = 141.158.***.***, Error: Unable to remove PeerTblEntry
3|Jun 29 2009|09:39:44|713902|||Group = *********, Username = *********, IP = 141.158.***.***7, Removing peer from peer table failed, no match!
3|Jun 29 2009|09:39:44|713048|||Group = *********, Username = *********, IP = 141.158.***.***, Error processing payload: Payload ID: 14

Open in new window

John_R_EAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

John_R_EAuthor Commented:
Solution found. While authenticating to the Windows 2000 domain controller the Kerberos realm of NIXON was fine. When domain was upgraded to a Windows 2003 domain the full qualified domain name of NIXON.COM was required for the KERBEROS Realm
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.