Kerberos machine authentication



I recently built a small AD-integrated DNS domain network for labbing
purposes using my TechNet Plus Server 2003 Ent. OS. The single server is
also running DNS and DHCP. All of my clients (yeah, all SIX of them - I did
say SMALL!) are running XPsp2. Hosts connect to the network using wireless
cards through a Linksys NAT-enabled router/switch. The server is hard wired
to one of the switch ports on the Linksys. I am using 128-bit WEP encryption
and further control access using a MAC table of allowed hosts on the
wireless. Three machines are workstations and three are laptop/portables.

I successfully joined the client machines to the domain. They receive
DHCP-assigned IP addresses. However, when I run the Netdiag command, I
receive PASSING results for all tested parameters, EXCEPT the Kerberos test
which gives a " [FATAL] Kerberos does not have a ticket for
host/mymachinename.mydomainname".

The strange thing is that immediately after I joined the machines to the
domain and ran Netdiag, a PASSING Kerberos result is obtained. HOWEVER, once
the machines are restarted, the Kerberos test yields a consistent FAILED
status. With Server2003/XP, I thought Kerberos v.5 was the default
authentication protocol. If my machine is not being authenticated, how come
I can still access domain resources? Should my audit logs show a "logon"
event instead of an "account logon" event if my machine is not authenticated
(different from users)?

Does anyone have an explanation? I would prefer guidance on how to
efficiently troubleshoot this problem and not just "here, do this" to solve
the problem. The REAL problem is I don't yet have the troubleshooting skills
to effectively address the apparent Kerberos authentication failures.

Any help would be appreciated.

JCB\1059