Active Directory Kerberos over VPN

active-directory, amazon-web-services, kerberos, vpn

I'm setting up an AD domain to authenticate my endpoints and users. The thing is my company frowns upon physical servers, so I've set up the domain on AWS. I am connecting to it via a VPN tunnel. Authentication, password sync, etc. work just fine, but I would also like to issue Kerberos tickets for my users. We have all the relevant ports opened between our local network and the Amazon instance, so I would assume I'm missing some DNS entries (we're using Linux DNS servers on site, so I need to add them manually).

Has anyone ever tackled a similar issue and knows what DNS entries I need to add for Kerberos, or whether there are any additional steps needed?

EDIT: I am able to get a ticket if I specify the principal server by hand, running kinit -S "servername".

Best Answer

You need to ensure that SRV DNS records are created for the domain. Microsoft link
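As an added example (not part of the original answer), the SRV and TXT records a Kerberos/AD client looks up, emitted in BIND zone syntax so they can be pasted into the on-site Linux DNS zone, plus a dig check to run from the office side of the VPN. The domain, realm and DC hostname are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: generate the Kerberos/AD SRV records for a domain served by
# a DC on AWS, and verify them from a client. Names below are placeholders.

DOMAIN="corp.example.com"       # assumed AD DNS domain (placeholder)
REALM="CORP.EXAMPLE.COM"        # Kerberos realm is the domain in upper case
DC_HOST="dc1.corp.example.com"  # assumed DC hostname reachable over the VPN

# srv_records DOMAIN REALM DC_HOST
# Prints the records (fully qualified, BIND syntax) for a single DC.
srv_records() {
    dom=$1; realm=$2; dc=$3
    # KDC (port 88) and password change (port 464), over TCP and UDP
    for proto in _tcp _udp; do
        printf '_kerberos.%s.%s.\t600\tIN\tSRV\t0 100 88 %s.\n' "$proto" "$dom" "$dc"
        printf '_kpasswd.%s.%s.\t600\tIN\tSRV\t0 100 464 %s.\n' "$proto" "$dom" "$dc"
    done
    # AD-joined clients additionally look under dc._msdcs
    printf '_kerberos._tcp.dc._msdcs.%s.\t600\tIN\tSRV\t0 100 88 %s.\n' "$dom" "$dc"
    printf '_ldap._tcp.%s.\t600\tIN\tSRV\t0 100 389 %s.\n' "$dom" "$dc"
    printf '_ldap._tcp.dc._msdcs.%s.\t600\tIN\tSRV\t0 100 389 %s.\n' "$dom" "$dc"
    # Realm hint read by MIT Kerberos clients when dns_lookup_realm is enabled
    printf '_kerberos.%s.\t600\tIN\tTXT\t"%s"\n' "$dom" "$realm"
}

# check_srv DOMAIN: query every SRV name from the client; returns 1 if any is missing
check_srv() {
    rc=0
    for name in _kerberos._tcp _kerberos._udp _kpasswd._tcp _kpasswd._udp _ldap._tcp \
                _kerberos._tcp.dc._msdcs _ldap._tcp.dc._msdcs; do
        if dig +short SRV "$name.$1" | grep -q .; then
            echo "ok      $name.$1"
        else
            echo "MISSING $name.$1" >&2; rc=1
        fi
    done
    return $rc
}

srv_records "$DOMAIN" "$REALM" "$DC_HOST"
```

Run `check_srv "$DOMAIN"` from an on-site client after reloading the zone; once every name resolves, `kinit user@REALM` should no longer need the `-S` override.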