Re: Preventing Kerberos Ticket Expiration
- From: Paul Adare <pkadare@xxxxxxxxx>
- Date: Wed, 26 Dec 2007 11:35:24 -0500
On Wed, 26 Dec 2007 08:23:00 -0800, Joe wrote:
I have two MS Virtual Servers that are running in production. I keep an
exact copy of the VM's on disk for disaster recovery purposes. All my DR
restoration tests have failed because the Kerberos ticket expires between the
time the copy is made and the time the copy is restored (from 1-4 weeks in
the tests.) A copy that is restored within a day works fine.
So I need a way to disable the expiration of the Kerberos ticket for these
specific VM's. Is it possible to create a new Kerberos policy that over
rides the default domain security policy? Is this the best way to do this?
Are there any other options?
It isn't the Kerberos ticket that's the problem here but rather the
password used for the computer account to setup and maintain the secure
channel to the DCs.
You can either reset the secure channel or simply disable the password
change. On the member servers, find DisablePasswordChange in the registry
and set its value to 1. You'll need to do this on both the physical and
virtual copies.
--
Paul Adare
MVP - Virtual Machines
http://www.identit.ca
A bug in the hand is better than one as yet undetected.
.
- Follow-Ups:
- Prev by Date: Re: ActiveX Control Vulnerability
- Next by Date: Re: Preventing Kerberos Ticket Expiration
- Previous by thread: ActiveX Control Vulnerability
- Next by thread: Re: Preventing Kerberos Ticket Expiration
- Index(es):
