Re: Kerberos to NTLM delegation timeout

---

• From: "Marc Castrechini" <castro_9@xxxxxxxxxxxxxxxx>
• Date: Mon, 13 Aug 2007 14:55:54 -0400

---

Some additional info we have found:
If the problem occurs:
1) The Lock Computer solution typically lasts about 20 minutes

2) Logging out complete typically lasts about 24 hours.

TIA,
- Marc


"Marc Castrechini" <castro_9@xxxxxxxxxxxxxxxx> wrote in message
news:eQUxBad3HHA.1900@xxxxxxxxxxxxxxxxxxxxxxx

I apologize if this is available but there is so much on getting delegation
getting to work we aren't coming up with anything.

First off we are using constrained delegation to run a dual server
environment for ASP.NET 2.0 application under IIS 6.0 and SQL Server 2005.
All Windows Server 2k3. Our Active Directory is balanced two different
servers.

A subset of our users are receiving delegation errors at what seems like
random, inconsistent times of the day. Most of the time the majority of
the users are working fine.

Basically the Kerberos ticket appears to either expire or be overridden by
an NTLM ticket causing a double hop failure.

We have determined that the problem can temporarily be solved by doing the
following:
Close IE -> Control-Alt-Delete -> Lock -> UnLock

However, one the original problem happens this only seems to fix it for a
short while until the same error is experienced again.

Any direction or ideas at all would be greatly appreciated.

- Marc Castrechini

.

---

• Follow-Ups:
  • Re: Kerberos to NTLM delegation timeout
    • From: Steven Cheng[MSFT]

• References:
  • Kerberos to NTLM delegation timeout
    • From: Marc Castrechini

• Prev by Date: Kerberos to NTLM delegation timeout
• Next by Date: RE: 401 with Forms Authentication and Roles
• Previous by thread: Kerberos to NTLM delegation timeout
• Next by thread: Re: Kerberos to NTLM delegation timeout
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Very lazy connecting to AS2000 ... verify your network configuration. ... I have problems connecting to AS2000 server over LAN: ... The Connect statement lasts ... both machines are in the same workgroup, ... (microsoft.public.sqlserver.olap) Re: Crysis demo available now for EA Store preorders ... for some reason most of jonah falcon's threads don't show up on my news ... server. ... plays almost exactly like far cry, so anyone who didn't like far cry can ... you're crouching or prone it lasts a lot longer. ... (comp.sys.ibm.pc.games.action) Re: xntpd hanging ... it lasts about 10 seconds before hanging and not responding to any requests. ... server uk.pool.ntp.org ... Do you have any sort of "change control" process that would tell you what changes were made between the last time you know it worked and the first time you noticed it was broken? ... (comp.protocols.time.ntp) Very lazy connecting to AS2000 ... I have problems connecting to AS2000 server over LAN: ... The Connect statement lasts 9 ... both machines are in the same workgroup, ... (microsoft.public.sqlserver.olap) Re: xntpd hanging ... On one of our AIX 5.3 boxes, xntpd isn't very happy. ... it lasts about 10 seconds before hanging and not responding to any requests. ... server uk.pool.ntp.org ... (comp.protocols.time.ntp)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.dotnet.framework.aspnet.security  > 2007-08