Kerberos using wrong username to request tickets and services.
From: Mike V (V_at_discussions.microsoft.com)
Date: Wed, 10 Nov 2004 14:15:08 -0800
I logged onto my workstation (XP Pro on Win2k AD domain) earlier this week
using a different username. Now when I log into my PC with MY username, the
DC's security event log is showing that the kerberos service tickets are
being requested by the other user.
The problem is that the other user is simply a domain user, but I am a
Domain Admin. I only have the rights of a normal user now using MMC to
administer the domain. Also, when I do a net use to an $admin drive share on
another pc, I get the login dialog box with the OTHER user already in the
username field - instead of just letting me in like it always did.
How can I re-set the user that my Kerberos client is using to request
tickets and services from my PC?!?!
I have already done the following:
1. Removed the other users profile from my PC - and did a search of the
registry, and the user name is nowhere to be found except in the old
\documents and settings\profile path
2. Disabled the other user in AD - but then I get all kinds of kerberos
failures and errors on my PC and the DC's security log - MMC doesnt work at
all at that point.
3. Tried to run setspn.exe - errors finding object
4. Spent the last 6 hours searching other forums and KB's to no avail
5. Removed and re-joined my PC to the domain.
Shouldnt kerberos ONLY request tickets and services using the currently
logged on user?
Whoever knows the answer to this one is a TRUE MASTER! HELP!!