Kerberos using wrong username to request tickets and services.

From: Mike V (V_at_discussions.microsoft.com)
Date: 11/10/04


Date: Wed, 10 Nov 2004 14:15:08 -0800

I logged onto my workstation (XP Pro on Win2k AD domain) earlier this week
using a different username. Now when I log into my PC with MY username, the
DC's security event log is showing that the kerberos service tickets are
being requested by the other user.

The problem is that the other user is simply a domain user, but I am a
Domain Admin. I only have the rights of a normal user now using MMC to
administer the domain. Also, when I do a net use to an $admin drive share on
another pc, I get the login dialog box with the OTHER user already in the
username field - instead of just letting me in like it always did.

How can I re-set the user that my Kerberos client is using to request
tickets and services from my PC?!?!
I have already done the following:

1. Removed the other users profile from my PC - and did a search of the
registry, and the user name is nowhere to be found except in the old
\documents and settings\profile path
2. Disabled the other user in AD - but then I get all kinds of kerberos
failures and errors on my PC and the DC's security log - MMC doesnt work at
all at that point.
3. Tried to run setspn.exe - errors finding object
4. Spent the last 6 hours searching other forums and KB's to no avail
5. Removed and re-joined my PC to the domain.

Shouldnt kerberos ONLY request tickets and services using the currently
logged on user?

Whoever knows the answer to this one is a TRUE MASTER! HELP!!

Thanks,
Mike



Relevant Pages

  • Kerberos requesting services and tickets using wrong username - he
    ... Now when I log into my PC with MY username, ... DC's security event log is showing that the kerberos service tickets are ... Shouldnt kerberos ONLY request tickets and services using the currently ...
    (microsoft.public.win2000.security)
  • Kerberos requesting services using wrong user....
    ... Now when I log into my PC with MY username, ... DC's security event log is showing that the kerberos service tickets are ... Shouldnt kerberos ONLY request tickets and services using the currently ...
    (microsoft.public.win2000.security)
  • Re: Kerberos using wrong username to request tickets and services.
    ... Double check that there are no entries in "stored credentials" on the XP ... > DC's security event log is showing that the kerberos service tickets are ... > tickets and services from my PC?!?! ... > Shouldnt kerberos ONLY request tickets and services using the currently ...
    (microsoft.public.win2000.security)
  • Re: Security model advice, please help!!
    ... (Kerberos and Username). ... use the kerberos policy to consume the service (Using the current windows ... WSE includes a sample to configure different turn-key assertions for the ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • RE: Problems signing request when using Windows Authentication
    ... method based on the user account benig in a group. ... In the client I add a username token to the request. ... security tokens in the request.", ...
    (microsoft.public.dotnet.framework.webservices.enhancements)