Event ID:3 Numerous Kerberos Errors

From: "Klecker" <Klecker@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 20 May 2005 16:35:02 -0700

I am running a mixed 2000 Domain, one 2000 DC, two 2000 Members
Server(Citrix), one NT4 BDC(SQL) and 2 Windows 2003 Member Servers(TS1,SQL03)
plus 60 XP, 2KPro PCs and 20 Thin Clients.

I recently updated the 2003 SQL to SP1, haven’t done so on the 2003 TS1.

I am getting constant Kerberos Event errors filling up my logs due to
turning on Kerberos Logging. I am not sure why I am getting these or how to
correct it. Previously I wasn’t even able to log on to any XP/03 computers
with the Domain Administrator account until I changed Kerberos from UDP to
TCP due to logs indicating packet loss. Now I have these remaining.

I have looked through the Kerberos Troubleshooting Document; I have run
LVD.exe and Ldifde.exe. Even thought the info is volumous I am unable to
discern if there is an error.

I have looked into the SPN utility and I wouldn’t know where to begin on that.

Any suggestions???

TIA Ken

Hear is a sample of my error logs:

Error Code: 0xe KDC_ERR_ETYPE_NOTSUPP
Error Code: 0x18 KDC_ERR_PREAUTH_FAILED
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN

KLIST.EXE
Cached Tickets: (4)

Server: krbtgt/domain.COM@xxxxxxxxxx
KerbTicket Encryption Type: RSADSI
End Time: 5/21/2005 1:31:18
Renew Time: 5/27/2005 15:31:18

Server: krbtgt/domain.COM@xxxxxxxxxx
KerbTicket Encryption Type: RSADSI
End Time: 5/21/2005 1:31:18
Renew Time: 5/27/2005 15:31:18

Server: APOLLO$@domain.COM
KerbTicket Encryption Type: RSADSI
End Time: 5/21/2005 1:31:18
Renew Time: 5/27/2005 15:31:18

Server: domainSQL$@domain.COM
KerbTicket Encryption Type: RSADSI
End Time: 5/21/2005 1:31:18
Renew Time: 5/27/2005 15:31:18

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 5/20/2005
Time: 3:02:16 PM
User: N/A
Computer: domainSQL
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 22:2:16.0000 5/20/2005 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm:
Client Name:
Server Realm: domain.COM
Server Name: krbtgt/domain.COM
Target Name: cifs/domain3@xxxxxxxxxx
Error Text:
File: 9
Line: ae0
Error Data is in record data.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 5/20/2005
Time: 2:48:54 PM
User: N/A
Computer: domainSQL
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 21:48:54.0000 5/20/2005 Z
Error Code: 0xe KDC_ERR_ETYPE_NOTSUPP
Extended Error:
Client Realm:
Client Name:
Server Realm: domain.COM
Server Name: krbtgt/domain.COM
Target Name: host/domainsql.domain.com@xxxxxxxxxx
Error Text:
File: 9
Line: ae0
Error Data is in record data.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 5/20/2005
Time: 2:45:42 PM
User: N/A
Computer: domainSQL
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 21:45:42.0000 5/20/2005 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm:
Client Name:
Server Realm: domain.COM
Server Name: krbtgt/domain.COM
Target Name: cifs/domain3@xxxxxxxxxx
Error Text:
File: 9
Line: ae0
Error Data is in record data.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 5/20/2005
Time: 2:07:20 PM
User: N/A
Computer: domainSQL
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 21:7:20.0000 5/20/2005 Z
Error Code: 0xe KDC_ERR_ETYPE_NOTSUPP
Extended Error:
Client Realm:
Client Name:
Server Realm: domain.COM
Server Name: krbtgt/domain.COM
Target Name: host/domainsql.domain.com@xxxxxxxxxx
Error Text:
File: 9
Line: ae0
Error Data is in record data.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 5/20/2005
Time: 12:17:22 PM
User: N/A
Computer: domainSQL
Description:
A Kerberos Error Message was received:
on logon session PDC1\administrator
Client Time:
Server Time: 19:17:22.0000 5/20/2005 Z
Error Code: 0x18 KDC_ERR_PREAUTH_FAILED
Extended Error:
Client Realm:
Client Name:
Server Realm: domain.COM
Server Name: krbtgt/domain.COM
Target Name: krbtgt/PDC1@PDC1
Error Text:
File: e
Line: 6b7
Error Data is in record data.

--
Ken

.

Prev by Date: W2K3 Enterprise License Question
Next by Date: Can't access network resources
Previous by thread: W2K3 Enterprise License Question
Next by thread: Can't access network resources
Index(es):
- Date
- Thread

Relevant Pages

Re: Kerberos role in a std. setup without bells & whistles
... A Kerberos Error Message was received: ... Client Realm: ... Server Realm: domain.tld ... Service Ticket Request Failed: ...
(microsoft.public.win2000.security)
Re: kerberos
... Client Realm: ... Server Realm: MYDOMAIN.COM ... Error Data is in record data. ...
(microsoft.public.win2000.security)
Trusted domain not show in "Entire Directory" list.
... Client Realm: ... Server Realm: OLD_DOMAIN.COM ... Error Data is in record data. ...
(microsoft.public.windows.server.active_directory)
Kerberos authentication problems
... I'm trying to get Windows authentication working for MS SQL Server ... using a domain account. ... Error: Client Realm: Client Name: Server Realm: dbg Server Name: ... ab8 Error Data is in record data. ...
(microsoft.public.sqlserver.security)
Re: SetSPN problem
... > Jasper Smith (SQL Server MVP) ... > Client Realm: ... > Error Data is in record data. ...
(microsoft.public.sqlserver.security)