Re: KRB Error

If this domain was not upgraded from NT4, can you provide more detail about the testing you've done?

Call them:
Domain A = Windows 2000
Domain B = Windows 2003

Test server is a member of Domain ?
User is from Domain ?

Do all users in Domain ? have the same login problem when logging into a server in Domain ?
What is the error presented when trying to login?

What about when you reverse the scenario. User from Domain B logging into server in Domain A?

Do you see any KRB errors (within ethereal) when those users login to machines on their own domain?

The more you can do to pin down under exactly what circumstances the problem occurs will help identify the cause.

--
Mike Shepperd
Sunfire Solutions LLC
Seattle, WA

[This posting is provided AS-IS, with no warranties and confers no rights]


"Danny Sanders" <DSanders@xxxxxxxxxxxxxxx> wrote in message news:%23ozRVUoDHHA.3520@xxxxxxxxxxxxxxxxxxxxxxx
See if this link helps:
http://support.microsoft.com/kb/328570/en-us


hth
DDS
"danbos" <danbos@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:958B7BB8-8C19-4148-943E-82CCC199A6C6@xxxxxxxxxxxxxxxx
I am getting a Kerberos error when attempting to authenticate a user from an
Windows 2000 domain to a Windows 2003 Domain that has a two way trust
(separate forrests). I am able, from the DC's to selected users from the
other domain and add them to shared objected; however, when attempting to
authenticate from a server connected to the Win2K domain to the AD of the
Windows 2003 Domain it is failing the KRB autnentication. Using Etherreal,
I see that the AS-Request is sent; however, the Windows 2003 Server is
sending back a KRB error (KRB5KDC_ERR_PREAUTH_FAILED) MESSAGE. I am certain
that the credidentials of the user is correct. The event log has event ID
675 with the following information
Pre-Authentication Type: 0x2
Failure Code: 0x18

I am stumpted and any information to point me to a solution would be much
appreciated.



.

Relevant Pages

  • SecurityFocus Microsoft Newsletter #154
    ... MICROSOFT VULNERABILITY SUMMARY ... ISS RealSecure Server Sensor SSL Denial Of Service Vulnerabi... ... Roger Wilco Remote Server Side Buffer Overrun Vulnerability ... available for Microsoft Windows operating systems. ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #49
    ... Subject: SecurityFocus Microsoft Newsletter #49 ... Microsoft Windows NNTP Denial of Service Vulnerability ... Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability ... Microsoft ISA Server H.323 Memory Leak Denial of Service... ...
    (Focus-Microsoft)
  • Re: ASP.NET User.Identity.Name value after a domain username chang
    ... Since .NET is just calling into Windows API calls to resolve the user name, ... I have an ASP.NET application that is on a Win2000 server in a domain ... I have a very confusing issue when the domain login of a user is ... I thought this might have been some caching issue on the client so I ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: CAN WE LOGIN TO A WINDOWS 2003 ACTIVE DIRECTORY DOMAIN OVER TH
    ... Having a user login to a windows 2003 server over the internet is not a good ...
    (microsoft.public.windows.server.active_directory)
  • Questions Relating to Administering Windows 2000 Server
    ... installed the network client on the target computer. ... Sarah has been attempting to install Windows 2000 ... Server for two days. ... Sarah has checked the cables and hard drives. ...
    (microsoft.public.cert.exam.mcse)