Hey guys,
After following this document by Jonathan Murch step by step, I managed to get SSO working just one time.
Since then I've changed nothing.
I get this error in the Spark-Logs:
WARNUNG: Exception in Login:
SASL authentication failed: -- caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: animal.muppets.local@MUPPETS.LOCAL)]
    at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:121)
    at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:86)
    at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:319)
    at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
    at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)
    at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)
    at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)
    at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
    at java.lang.Thread.run(Unknown Source)
Nested Exception:
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: animal.muppets.local@MUPPETS.LOCAL)]
    at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(Unknown Source)
    at org.jivesoftware.smack.sasl.SASLMechanism.authenticate(SASLMechanism.java:117)
    at org.jivesoftware.smack.sasl.SASLGSSAPIMechanism.authenticate(SASLGSSAPIMechanism.java:86)
    at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:319)
    at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:203)
    at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:1014)
    at org.jivesoftware.LoginDialog$LoginPanel.access$1200(LoginDialog.java:219)
    at org.jivesoftware.LoginDialog$LoginPanel$4.construct(LoginDialog.java:730)
    at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:141)
    at java.lang.Thread.run(Unknown Source)
Caused by: GSSException: No valid credentials provided (Mechanism level: animal.muppets.local@MUPPETS.LOCAL)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.initSecContext(Unknown Source)
    ... 10 more
Caused by: java.net.UnknownHostException: animal.muppets.local@MUPPETS.LOCAL
    at java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
    at java.net.InetAddress$1.lookupAllHostAddr(Unknown Source)
    at java.net.InetAddress.getAddressFromNameService(Unknown Source)
    at java.net.InetAddress.getAllByName0(Unknown Source)
    at java.net.InetAddress.getAllByName(Unknown Source)
    at java.net.InetAddress.getAllByName(Unknown Source)
    at java.net.InetAddress.getByName(Unknown Source)
    at sun.security.krb5.internal.UDPClient.<init>(Unknown Source)
    at sun.security.krb5.KrbKdcReq$KdcCommunication.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.krb5.KrbKdcReq.send(Unknown Source)
    at sun.security.krb5.KrbKdcReq.send(Unknown Source)
    at sun.security.krb5.KrbKdcReq.send(Unknown Source)
    at sun.security.krb5.KrbTgsReq.send(Unknown Source)
    at sun.security.krb5.internal.CredentialsUtil.serviceCreds(Unknown Source)
    at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(Unknown Source)
    at sun.security.krb5.Credentials.acquireServiceCreds(Unknown Source)
    ... 13 more
Does anyone know how to solve this problem?
Windows Server 2012 R2 as DC/KDC and Openfire
Windows 7 Professional as Client
Keytab is located in *\openfire\resources\
krb5.ini in C:\Windows on both machines
[libdefaults]
default_realm = MUPPETS.LOCAL
default_tkt_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
default_tgs_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
permitted_enctypes = rc4-hmac des3-cbc-sha1 des-cbc-crc des-cbc-md5
[realms]
MUPPETS.LOCAL = {
kdc = animal.muppets.local@MUPPETS.LOCAL
admin_server = animal.muppets.local@MUPPETS.LOCAL
default_domain = muppets.local
}
[domain_realms]
domain.com = MUPPETS.LOCAL
.domain.com = MUPPETS.LOCAL
gss.conf in *\openfire\conf\
com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    storeKey=true
    keyTab="C:/openfire/resources/xmpp.keytab"
    doNotPrompt=true
    useKeyTab=true
    realm="MUPPETS.LOCAL"
    principal="xmpp/animal.muppets.local@MUPPETS.LOCAL"
    debug=true;
};
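
A small lint for the krb5.ini shown in this post, as an added example that is not part of the original post: it flags kdc/admin_server values that are not a plain host[:port] (the UnknownHostException in the trace names exactly that string) and section names that are not standard krb5 sections. The function name lint_krb5, the sample text (constructed from the posted config) and the simplified host pattern (no IPv6 literals) are assumptions.

```python
import re

# Constructed sample: the relevant parts of the krb5.ini posted above.
SAMPLE_KRB5_INI = """\
[libdefaults]
default_realm = MUPPETS.LOCAL
[realms]
MUPPETS.LOCAL = {
kdc = animal.muppets.local@MUPPETS.LOCAL
admin_server = animal.muppets.local@MUPPETS.LOCAL
default_domain = muppets.local
}
[domain_realms]
domain.com = MUPPETS.LOCAL
.domain.com = MUPPETS.LOCAL
"""

# Section names defined for krb5.conf / krb5.ini.
KNOWN_SECTIONS = {"libdefaults", "realms", "domain_realm", "logging",
                  "appdefaults", "capaths", "plugins", "dbmodules"}
# Relations in [realms] whose value is resolved as a network host.
HOST_KEYS = {"kdc", "admin_server", "kpasswd_server", "master_kdc"}
# Assumption: host or host:port using letters, digits, dots and hyphens only.
HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:\d{1,5})?$")

def lint_krb5(text):
    """Return (line_no, message) findings for a krb5.ini / krb5.conf text."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or line == "}":
            continue  # blank line, comment, or end of a realm block
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section = header.group(1).strip()
            if section not in KNOWN_SECTIONS:
                findings.append((no, f"unknown section [{section}]"))
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # A principal-style value (host@REALM) is handed to DNS as-is and fails.
        if section == "realms" and key in HOST_KEYS and not HOST_RE.match(value):
            findings.append((no, f"{key} value {value!r} is not host[:port]"))
    return findings

if __name__ == "__main__":
    for line_no, message in lint_krb5(SAMPLE_KRB5_INI):
        print(f"line {line_no}: {message}")
```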