"Client not found in Kerberos Database"
This error is found while performing a Wireshark trace run on the SEG server to check the communication between the SEG server and Domain Controller. This check is performed to validate if the kerberos ticket is being retrieved. This error is found in both same domain and cross domain KCD configurations.
This is caused because the Domain Controller is not able to find the user in the AD Database. The SEG receives a client certificate and picks up the UPN from the certificate and requests a kerberos ticket from the KDC (Key Distribution Center) of the Domain Controller. When we see this error, the SEG is requesting a kerberos ticket for a specific user from the Domain Controller, but that user is not found in the Domain Controller. This can either be caused because the user doesn't exist in AD or the UPN present in the certificate is incorrect.
Confirm the Certificate Request Template is configured correctly to generate the certificate with the correct UPN value.
When this error is encountered, the customer needs to investigate why the Domain Controller is unable to find the user. This may require the client to reach out to the organization who provides support for their Domain Controller in order to better understand this issue and rectify it.