Re: Kerberos Errors on server

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Jerold Schulman (Jerry_at_jsiinc.com)
Date: 04/13/04 

Date: Tue, 13 Apr 2004 09:03:26 -0400

See if tip 5414 in the 'Tips & Tricks' at http://www.jsiinc.com helps.

On Mon, 12 Apr 2004 15:19:44 -0400, "Ron L" <rlounsbury@bogusAddress.com> wrote:

>We have a server that is on an intranet (with no connection to the outside).
>The server is Win2k SP3, but was upgraded from NT4 SP6a. The server is a
>domain controller and is also the SQL 2000 and IIS server for the domain.
>We have been noticing a large number of Kerberos errors in our system log.
>These errors are
>
>The function InitializeSecurityContext received a Kerberos Error Message:
>
>on logon session
>
>Client Time:
>
>Server Time: 18:28:27.0000 4/1/2004 (null)
>
>Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
>
>Client Realm:
>
>Client Name:
>
>Server Realm: MYHOST.MYCOMPANY.NET
>
>Server Name: krbtgt/MYHOST.MYCOMPANY.NET
>
>Target Name: HOST/myhost.myCompany.net@MYHOST.MYCOMPANY.NET
>
>Error Text:
>
>File:
>
>Line:
>
>Error Data is in record data.
>
>
>
>Besides our intranet clients, we have 2 clients whose main login is to
>another domain using their wired NICs. These clients access our intranet
>via a seperate wireless NIC installed in each machine, and do not log into
>our domain. Their access is completely via our IIS application; the IIS
>application does, however, require authentication, so whenever one of these
>systems access our IIS application they are required to login using the
>standard windows login popup. The authentication method we use is
>Integrated Windows Authentication. Could these kerberos errors be due to
>these 2 clients since their kerberos tokens would be generated from a domain
>that our domain knows nothing about, or do we have a serious problem with
>our kerberos in our domain?
>
>TIA
>Ron L
>

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

Relevant Pages

  • Re: Kerberos Errors on server
    ... >domain controller and is also the SQL 2000 and IIS server for the domain. ... >We have been noticing a large number of Kerberos errors in our system log. ... >Besides our intranet clients, we have 2 clients whose main login is to ... Their access is completely via our IIS application; ...
    (microsoft.public.win2000.setup_upgrade)
  • Re: Kerberos Errors on server
    ... >domain controller and is also the SQL 2000 and IIS server for the domain. ... >We have been noticing a large number of Kerberos errors in our system log. ... >Besides our intranet clients, we have 2 clients whose main login is to ... Their access is completely via our IIS application; ...
    (microsoft.public.win2000.general)
  • Re: Kerberos Error Message
    ... discrepency between the clinet and server times in my original post. ... I know for certain there is no time difference between client and server. ... have tried removing and rejoining the clients. ... > A good resource for troubleshooting Kerberos errors is the relatively new ...
    (microsoft.public.win2000.security)
  • How to get my CA to be trusted by external clients?
    ... I have an IIS box that issued it's own cert for the ... clients use IE 6. ... avialable in the alert message (when you hit details, or advanced, or... ... and so there's no way for the client to install my CA as a trusted CA. ...
    (microsoft.public.inetserver.iis.security)
  • Use or Not to use ISA
    ... I am looking for advice on the best way to protect my web server. ... I currently sit behind a Symantec Gateway 360 security appliance firewall ... Win2k3 with IIS installed. ... small number of clients as well as my own. ...
    (microsoft.public.isa)