Forum Discussion
Twrriglesworth
Jul 27, 2024 | Copper Contributor
Cloud Kerberos - Failed to read secrets from the domain
Hi all, Apologies if this is the wrong place to post this! I am looking at understanding Cloud Kerberos and the uses behind it, primarily for WHfB for now. Following the guide on the Microsof...
SimonThomson
Aug 07, 2024 | Copper Contributor
I ran Set-AzureADKerberosServer from my laptop with the latest AzureADHybridAuthenticationManagement module installed, using GA and DA accounts. Likewise, it failed with the message "Set-AzureADKerberosServer: Failed to read secrets from domain..."
The Get-AzureADKerberosServer command then only showed the values for the top half of the listed parameters, the "cloudxxxx" ones in the bottom half of the list being blank.
The AzureADKerberos computer object had been created, but obviously something was wrong...
I backed out and cleaned up with Remove-AzureADKerberosServer which removed the computer object.
After seeing this post, I tried running the PowerShell on our AD Connect server. This worked seamlessly!
It seems that C:\Program Files\Microsoft Azure Active Directory Connect\AzureADKerberos\AzureAdKerberos.psd1 on an AD Connect server is needed.
It would be handy if this was mentioned in the MS instructions: Passwordless security key sign-in to on-premises resources - Microsoft Entra ID | Microsoft Learn
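A verification script for the steps described above, written as an added example (not code from this thread or from Microsoft): it checks for the psd1 file Simon mentions, reads the object back with Get-AzureADKerberosServer, and flags the blank "Cloud*" values that signal the failed run. Cmdlet parameters, the -RotateServerKey switch and the Cloud*/KeyVersion property names follow the Microsoft Learn guide linked in the post; the script's own parameters and the psd1 check are assumptions.

```powershell
# Added example: post-run health check for the Microsoft Entra Kerberos server object.
# Run on the Entra Connect (AD Connect) server, as the thread recommends.
param(
    [Parameter(Mandatory)] [string] $Domain,            # on-prem AD DNS name, e.g. contoso.corp.com (placeholder)
    [Parameter(Mandatory)] [string] $UserPrincipalName  # Global Administrator UPN used for the cloud side
)

# The thread's finding: this psd1, shipped with Entra Connect, must be present locally.
$psd1 = 'C:\Program Files\Microsoft Azure Active Directory Connect\AzureADKerberos\AzureAdKerberos.psd1'
if (-not (Test-Path -LiteralPath $psd1)) {
    Write-Warning "This is not an Entra Connect server ($psd1 is missing); expect 'Failed to read secrets from domain'."
}

Import-Module AzureADHybridAuthenticationManagement -ErrorAction Stop
$domainCred = Get-Credential -Message "Domain Admin credential for $Domain"

$server = Get-AzureADKerberosServer -Domain $Domain `
    -UserPrincipalName $UserPrincipalName -DomainCredential $domainCred

# Blank Cloud* properties are the symptom described above: the on-prem AzureADKerberos
# computer object exists, but the matching cloud-side object was never written.
$missing = $server.PSObject.Properties |
    Where-Object { $_.Name -like 'Cloud*' -and [string]::IsNullOrWhiteSpace("$($_.Value)") } |
    Select-Object -ExpandProperty Name

if ($missing) {
    Write-Error ("Cloud Kerberos object is incomplete; blank properties: {0}. " +
                 "Re-run Set-AzureADKerberosServer from the Entra Connect server." -f ($missing -join ', '))
    return
}

# After a successful run both sides carry the same key version (assumption: a mismatch
# means the cloud copy is stale and the key should be rotated).
if ($server.KeyVersion -ne $server.CloudKeyVersion) {
    Write-Warning ("KeyVersion mismatch: on-prem {0}, cloud {1}. " +
                   "Consider Set-AzureADKerberosServer ... -RotateServerKey." -f $server.KeyVersion, $server.CloudKeyVersion)
}

$server | Format-List
```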
Jason_Shaffer
Aug 14, 2024 | Copper Contributor
I had the exact same experience, except I did not have to remove the existing object. Once I ran the commands from the AD Connect server, and did not receive the "failed to read secrets..." error, Kerberos auth started to work.
It does seem like there's more needed than just an "import-module AzureADHybridAuthenticationManagement", which did not error on my laptop; it just didn't work.
MohnJadden
Sep 16, 2024 | Copper Contributor
+1
I had the same "failed to read secrets from the domain" error when I installed the module and ran PS as an admin, while logged on as a domain admin, on the domain controller for the sole domain in our environment. When I tried from the AAD Connect server, it seems to have run without issues.