Halted SSO retry for request - meaning
I have an APM protected SP2013 farm that was working via KCD SSO until very recently. No changes were done on the F5 side, but I suspect a GPO push was rolled out. I can see the F5 getting a TGT and TGS - everything looks good and S4U => OK.
I still see the back end web front ends sending the authorization negotiate header however.
In my debug logs after the S4U = OK, I see server TMEVT_RESPONSE followed by an "Halted SSO retry for request line" which is then followed by client TMEVT_RESPONSE.
I am unable to post the actual logs here, but I was curious to the meaning of the "Halted SSO retry for response" line - as I do not see this line occurring in other configs for other farms that are working properly from an SSO perspective. I'm assuming APM receives something in the server TMEVT_RESPONSE that causes the SSO halt. I'm trying to narrow down what to look for.
My APM and KCD SSO config is rock solid. Good SPN, delegation, defined host/svc name, etc.