Re: Kerberos entries in the system log

From: Cliff (cliff.bennett@johnguest.co.uk)
Date: 10/28/02


From: "Cliff" <cliff.bennett@johnguest.co.uk>
Date: Mon, 28 Oct 2002 09:57:05 -0800


Hi Dan,
I think you may have put me onto something.
I've run "klist tgt" to see the tickets that I have and one
of the entries "alttargetdomainname" is incorrect... It is
the old domain name but with an extra character
tagged on the end. Do you know how to change this
entry??

Any help would be appreciated.

Cheers,
Cliff.
>-----Original Message-----
>I can only think of a couple of things. One, is it possible that the
>DNS name for your clients and the DNS name for your domain are
>different? I know Kerberos can get upset if the DNS domain of the
>clients is not the same as the KDC and not contained in the search path.
>
>You could also run the ResKit utility KerbTray and see if you are
>actually receiving tickets. It's possible that something is preventing
>your clients from using Kerberos. Your machines would all fall back to
>NTLMv2. See if you can see any tickets in the client's ticket cache.
>
>Dan
>
>Cliff wrote:
>> Hi Dan,
>> I'm afraid removing and adding one of the hosts didn't work.
>> Any other ideas?
>>
>> Cheers,
>> Cliff.
>>>-----Original Message-----
>>>
>>>Hi,
>>>I've had a quick look at the log from yesterday (over
>>>3000 entries!!) and just from the first hundred or so
>>>entries there are over 30 different hosts. I'll pick one
>>>which seems to come up frequently and re-add it to
>>>the domain as suggested. I'll let you know how it goes.
>>>
>>>I don't know if this is relevant but it is the only DC that
>>>is reporting this error. It's in a mixed mode domain,
>>>acting as the PDC.
>>>
>>>Cheers.
>>>
>>>>-----Original Message-----
>>>>How many hosts are we talking about? Is it practical to remove and
>>>>re-add them to the domain? It's possible the kerberos key for the host
>>>>has been corrupted.
>>>>
>>>>Dan
>>>>
>>>>Cliff wrote:
>>>>
>>>>>Hi Dan,
>>>>>We have two subnets and the ip addresses in the logs
>>>>>are coming from both of them. The O/S's of the hosts
>>>>>concerned are NT4 and Win2k. Some of the hosts
>>>>>have internet access, others don't, there seems to be
>>>>>no pattern to which hosts are generating the errors.
>>>>>We have a Firewall between us and the internet. We
>>>>>tried opening port 88/udp (outgoing and incoming), but
>>>>>continued to get the errors.
>>>>>
>>>>>Any ideas?
>>>>>
>>>>>Cheers,
>>>>>Cliff.
>>>>>
>>>>>>-----Original Message-----
>>>>>>Looks to me like you have a host requesting a ticket granting ticket
>>>>>>from your KDC that is not a member of the domain. Is that IP on your
>>>>>>network? Is port 88 open to the internet?
>>>>>>
>>>>>>Dan
>>>>>>
>>>>>>Cliff wrote:
>>>>>>
>>>>>>>Hi,
>>>>>>>I hope someone can help. I keep getting entries in the
>>>>>>>system log of a Win2k DC, 3 or 4 every couple of
>>>>>>>minutes.
>>>>>>>
>>>>>>>"The function initializesecuritycontext recieved a
>>>>>>>Kerberos Error Message:
>>>>>>> on logon session
>>>>>>>Client Time:
>>>>>>>Server Time: 9:27:51:000 10/18/2002 (null)
>>>>>>>Error code: 0x7
>>>>>>>KDC_ERR_S_PRINCIPAL_UNKNOWN
>>>>>>>client realm:
>>>>>>>Client Name:
>>>>>>>Server Realm: Mydomain.com
>>>>>>>Server Name: krbtgt/Mydomain.com
>>>>>>>Target Name: Host/55.102.2.33@Mydomain.com
>>>>>>>Error Text
>>>>>>>File:
>>>>>>>Line:
>>>>>>>Error Data is in record data."
>>>>>>>
>>>>>>>Obviously the log fills up VERY quickly and I'd really
>>>>>>>like to get to the bottom of it! I've tried trawling the net
>>>>>>>for an answer to no avail.
>>>>>>>
>>>>>>>Thanks in advance.
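Added example, not part of the original thread and not a Microsoft tool: with thousands of these entries, grouping the 0x7 events by target host shows whether a few targets account for the volume and whether the target is a host name or an IP literal. It assumes the system log has been exported to plain text in the layout quoted above; the function names and the `Example.test` sample hosts are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout quoted in the thread; hosts are made up.
EVENT = """The function initializesecuritycontext recieved a Kerberos Error Message:
Server Time: {0} 10/18/2002 (null)
Error code: {1}
{2}
Target Name: {3}
"""
SAMPLE = "".join(EVENT.format(*row) for row in [
    ("9:27:51:000", "0x7", "KDC_ERR_S_PRINCIPAL_UNKNOWN", "Host/192.0.2.33@Example.test"),
    ("9:28:40:000", "0x7", "KDC_ERR_S_PRINCIPAL_UNKNOWN", "Host/wks07.example.test@Example.test"),
    ("9:29:15:000", "0x25", "KRB_AP_ERR_SKEW", "Host/wks09.example.test@Example.test"),
])
FIELD = re.compile(r"^([A-Za-z ]+?):\s*(.*)$")

def parse_events(text):
    """Return one dict of lower-cased field names per event description."""
    events, cur = [], None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate mail-quote prefixes
        if "Kerberos Error Message" in line:     # first line of each event
            cur = {}
            events.append(cur)
        elif cur is not None and (m := FIELD.match(line)):
            cur[m.group(1).strip().lower()] = m.group(2).strip()
        elif cur is not None and line.startswith(("KDC_ERR_", "KRB_")):
            cur["error name"] = line             # name wrapped onto its own line
    return events

def split_target(target):
    """Split 'service/host@REALM' into (service, host, host_is_ip_literal)."""
    service, _, host = target.split("@", 1)[0].partition("/")
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    return service.lower(), host.lower(), is_ip

def tally_unknown_principals(events):
    """Count error 0x7 events per (target host, host_is_ip_literal)."""
    counts = Counter()
    for ev in events:
        if int((ev.get("error code") or "0").split()[0], 16) == 0x7:
            counts[split_target(ev.get("target name", ""))[1:]] += 1
    return counts
```

`tally_unknown_principals(parse_events(text)).most_common()` lists the targets by frequency; other error codes, such as the constructed 0x25 entry, are ignored.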


