Re: Random Kerberos Authentication access denied issues
From: Bernard (qbernard_at_hotmail.com.discuss)
Date: 12/01/04
- Next message: Bernard: "Re: SOAP Client error : ToolKit 3.0 .NET SOAP server"
- Previous message: Bernard: "Re: IIS problem with ISA"
- In reply to: Jag: "Random Kerberos Authentication access denied issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 1 Dec 2004 12:18:46 +0800
No idea, but you might want to take a look at the old posts
http://groups.google.com.my/groups?q=Error%20Code%3A%200x7%20%20KDC_ERR_S_PRINCIPAL_UNKNOWN&hl=en&lr=&sa=N&tab=wg
and
HOW TO: Troubleshoot Kerberos-Related Issues in IIS
http://support.microsoft.com/?id=326985
-- Regards, Bernard Cheah http://www.tryiis.com/ http://support.microsoft.com/ http://www.msmvps.com/bernard/ "Jag" <Jag@discussions.microsoft.com> wrote in message news:C71C8A46-B0D2-4DE6-9561-01E879127644@microsoft.com... > We have the following configuration... > several 2000 ADS servers > several NT4 BDC domain servers > several IIS 6 on a 2003 member server > several IIS 5 on a 2000 member server > > The problem is that intermittantly we will fail to authenticate via Kerberos > to a web site that pulls up a list of options in IE based upon NT group > membership. > The end user with IE receives an access denied permission error and the web > server logs the following event. > A Kerberos Error Message was received: on logon session > Client Time: > Server Time: 18:47:1.0000 9/17/2004 Z > Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN > Extended Error: > Client Realm: > Client Name: > Server Realm: USXPRESS.COM > Server Name: krbtgt/USXPRESS.COM > Target Name: host/xgsthlweb.usxpress.com@USXPRESS.COM > Error Text: > File: 9 > Line: ab8 > Error Data is in record data. > For more information, ..... > > The problem will go away for about a week then come back. When we get the > error it happens to all users even admins regardless of what computer they > are using or what version of IE they are useing. In the past I was able to > set the application pool identity from predefined "network service" to "local > service" and it would work for a few days no problems then when it fails > again I can switch the application pool identity from predefined "local > service" to "network service" and it will work for a while then fail again. > I never have any problems with the web site on the 2000 server with IIS 5, > only with the 2003 server with IIS 6. I have gone through all the docs on > troubleshooting Kerberos issues and everything looks good. > The fact that it works for a while and then fails has me confused... I could > understand it not working but to work and then stop when no changes were made > is beyond me. Anyone have any idea what might be causing this? > > Thanks >
- Next message: Bernard: "Re: SOAP Client error : ToolKit 3.0 .NET SOAP server"
- Previous message: Bernard: "Re: IIS problem with ISA"
- In reply to: Jag: "Random Kerberos Authentication access denied issues"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
