Web-Proxy SSO

Started by AndyX90, November 26, 2017, 10:12:52 AM

Hey guys,

I'm trying to get WebProxy-SSO to work, but it won't...
The checklist in the plugin is okay.

If I click CREATE KEYTABLE it shows the following:
Password for Administrator@XXXXX.LOCAL:
-- init_password: Wiping the computer password structure
-- generate_new_password: Generating a new, random password for the computer account
-- generate_new_password:  Characters read from /dev/urandom = 82
-- get_dc_host: Attempting to find Domain Controller to use via DNS SRV record in domain XXXXX.LOCAL for procotol tcp
-- get_dc_host: Attempting to find Domain Controller to use via DNS SRV record in domain XXXXX.LOCAL for procotol udp
-- get_dc_host: Attempting to find a Domain Controller to use (DNS domain)
-- get_dc_host: Found DC: XXXXX.LOCAL
-- get_dc_host: Canonicalizing DC through forward/reverse lookup...
-- get_dc_host: Found Domain Controller: XXXXX.XXXXX.local
-- create_fake_krb5_conf: Created a fake krb5.conf file: /tmp/.msktkrb5.conf-3PVDF8
-- reload: Reloading Kerberos Context
-- finalize_exec: SAM Account Name is: FIREWALL$
-- try_machine_keytab_princ: Trying to authenticate for FIREWALL$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Generic preauthentication failure)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for FIREWALL$ from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Generic preauthentication failure)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_keytab_princ: Trying to authenticate for host/firewall.XXXXX.local from local keytab...
-- try_machine_keytab_princ: Error: krb5_get_init_creds_keytab failed (Client not found in Kerberos database)
-- try_machine_keytab_princ: Authentication with keytab failed
-- try_machine_password: Trying to authenticate for FIREWALL$ with password.
-- create_default_machine_password: Default machine password for FIREWALL$ is firewall
-- try_machine_password: Error: krb5_get_init_creds_keytab failed (Preauthentication failed)
-- try_machine_password: Authentication with password failed
-- try_user_creds: Checking if default ticket cache has tickets...
-- finalize_exec: Authenticated using method 5
-- LDAPConnection: Connecting to LDAP server: XXXXX.XXXXX.local
SASL/GSSAPI authentication started
....

In the proxy log it shows:
2017/11/26 09:30:11| negotiate_kerberos_auth: WARNING: received type 1 NTLM token
2017/11/26 09:30:10   kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}

Any suggestions?

THX
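Added example, not from the original post, the OPNsense plugin or Squid: the warning "received type 1 NTLM token" means the browser answered the proxy's Negotiate challenge with an NTLM NEGOTIATE_MESSAGE instead of a Kerberos (SPNEGO) token, which is what a Windows client does when it cannot obtain a service ticket for the proxy's SPN (no ticket if the proxy host name does not resolve cleanly, or the SPN is missing from the keytab). The script below decodes the base64 value of a Proxy-Authorization: Negotiate header and reports what it actually carries, so you can tell a raw NTLM fallback, an SPNEGO token that merely lists NTLMSSP first, and a real Kerberos token apart without guessing. All sample tokens are constructed inline (the Kerberos AP-REQ body is a placeholder, not a real ticket); the helper names are my own.

```python
"""Classify what a 'Proxy-Authorization: Negotiate <base64>' header really carries.

Hypothetical helper (not Squid's negotiate_kerberos_auth): a minimal DER walk over the
GSS-API InitialContextToken / SPNEGO NegTokenInit, plus the raw-NTLMSSP check.
"""
import base64

# DER-encoded OIDs (tag 0x06 + length + contents)
OID_SPNEGO = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")        # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")     # 1.2.840.48018.1.2.2 (MS variant)
OID_NTLMSSP = bytes.fromhex("060a2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10
NTLMSSP_MAGIC = b"NTLMSSP\x00"                            # raw NTLM message signature


def _read_tlv(buf: bytes, pos: int = 0):
    """Minimal DER reader: returns (tag, contents, end_of_element). Single-byte tags only."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _der(tag: int, contents: bytes) -> bytes:
    """Minimal DER writer, used only to build the constructed sample tokens below."""
    n = len(contents)
    if n < 0x80:
        return bytes([tag, n]) + contents
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + contents


def classify_negotiate_token(b64: str) -> str:
    """Return 'ntlm-type<N>' (raw NTLMSSP, the case Squid warns about), 'spnego-ntlm'
    (SPNEGO whose preferred mechanism is NTLMSSP, i.e. no Kerberos ticket was obtained),
    'spnego-kerberos', 'kerberos' (raw KRB5 GSS token), 'spnego-response' or 'unknown'."""
    raw = base64.b64decode(b64.strip())
    if raw.startswith(NTLMSSP_MAGIC):
        return "ntlm-type%d" % int.from_bytes(raw[8:12], "little")   # MessageType field
    if not raw or raw[0] != 0x60:                          # [APPLICATION 0] InitialContextToken
        return "unknown"
    _, body, _ = _read_tlv(raw)
    tag, _, oid_end = _read_tlv(body)                      # thisMech OID comes first
    if tag != 0x06:
        return "unknown"
    mech = body[:oid_end]
    if mech in (OID_KRB5, OID_MS_KRB5):
        return "kerberos"
    if mech != OID_SPNEGO:
        return "unknown"
    tag, neg, _ = _read_tlv(body, oid_end)                 # NegotiationToken CHOICE
    if tag != 0xA0:                                        # [1] NegTokenResp: not a client's first token
        return "spnego-response"
    _, seq, _ = _read_tlv(neg)                             # NegTokenInit ::= SEQUENCE
    tag, ctx0, _ = _read_tlv(seq)                          # [0] mechTypes
    if tag != 0xA0:
        return "spnego-unknown"
    _, mech_list, _ = _read_tlv(ctx0)                      # SEQUENCE OF MechType
    if not mech_list:
        return "spnego-unknown"
    _, _, first_end = _read_tlv(mech_list)
    first = mech_list[:first_end]                          # the mechToken was built for this mech
    if first in (OID_KRB5, OID_MS_KRB5):
        return "spnego-kerberos"
    if first == OID_NTLMSSP:
        return "spnego-ntlm"
    return "spnego-other"


def classify_proxy_authorization(header_value: str) -> str:
    """Classify a full header value such as 'Negotiate TlRMTVNTUAAB...' or 'NTLM ...'."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "scheme-" + scheme.lower()
    return classify_negotiate_token(token)


def build_spnego_init(mech_oids, mech_token: bytes) -> bytes:
    """Constructed SPNEGO NegTokenInit: [APPLICATION 0] { spnego OID, [0] SEQUENCE { [0] mechTypes, [2] mechToken } }."""
    mech_types = _der(0xA0, _der(0x30, b"".join(mech_oids)))
    token = _der(0xA2, _der(0x04, mech_token))
    return _der(0x60, OID_SPNEGO + _der(0xA0, _der(0x30, mech_types + token)))


# Constructed samples (not captured from the poster's proxy).
# NTLM NEGOTIATE_MESSAGE: signature, MessageType=1, NegotiateFlags, empty domain/workstation fields.
NTLM_TYPE1 = NTLMSSP_MAGIC + (1).to_bytes(4, "little") + bytes.fromhex("078208a2") + bytes(16)
SAMPLE_RAW_NTLM = base64.b64encode(NTLM_TYPE1).decode()
SAMPLE_SPNEGO_NTLM = base64.b64encode(build_spnego_init([OID_NTLMSSP], NTLM_TYPE1)).decode()
SAMPLE_SPNEGO_KRB = base64.b64encode(
    build_spnego_init([OID_MS_KRB5, OID_KRB5, OID_NTLMSSP], b"placeholder AP-REQ")).decode()
SAMPLE_RAW_KRB = base64.b64encode(_der(0x60, OID_KRB5 + b"\x01\x00" + b"placeholder AP-REQ")).decode()

if __name__ == "__main__":
    for name, b64 in [("raw NTLM (browser fell back)", SAMPLE_RAW_NTLM),
                      ("SPNEGO preferring NTLMSSP", SAMPLE_SPNEGO_NTLM),
                      ("SPNEGO preferring Kerberos (working SSO)", SAMPLE_SPNEGO_KRB),
                      ("raw Kerberos", SAMPLE_RAW_KRB)]:
        print(f"{classify_negotiate_token(b64):16s} {name}  base64 starts {b64[:12]}")
```

A raw type 1 message base64-encodes to a string beginning with TlRMTVNTUAAB, which is the prefix Squid's helper tests for before emitting the warning quoted above; seeing "ntlm-type1" or "spnego-ntlm" from a domain-joined client points at the client side (host name resolution for the proxy, the SPN in the keytab, or the browser's proxy URL not matching that SPN) rather than at the helper.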

Okay, I figured out that there is a DNS problem. If I go to Interfaces -> Diagnostics -> DNS Lookup and try to resolve the IP of my DC, I get random outputs with each click on "DNS Lookup": either I get a response with type "SOA a.root-servers.net." or I get a response with type "A x.x.x.x (correct IP)". I have configured Unbound with a local domain override.
Any ideas?