Re: kerberos errors

---

• From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Thu, 13 Apr 2006 23:10:37 -0500

---

If you have not seen it yet the white paper in the link below may be of help
and references KDC_ERR_S_PRINCIPAL_UNKNOWN errors and the reason why.
Hopefully something in it will help. -- Steve

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx


<guitar_madness@xxxxxxxxxxxxx> wrote in message
news:1144754874.829706.233530@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I have enabled kerberos logging on the clients on my system and when
they successfully log in I get two errors in the system log. They are
identical expcept one appears to be for the sql server and the other is
for the file server.

These are the logs I get:

--------------------------------------------------------------------------------------------------------------
A Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 9:48:32.0000 4/11/2006 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: X.Y.COM
Server Name: krbtgt/X.Y.COM
Target Name: MSSQLSvc/serverName.X.Y.COM:1433@xxxxxxx
Error Text:
File:
Line:
Error Data is in record data.
--------------------------------------------------------------------------------------------------------------
A Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 9:59:46.0000 4/11/2006 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: X.Y.COM
Server Name: krbtgt/X.Y.COM
Target Name: HOST/fileserver@xxxxxxx
Error Text:
File:
Line:
Error Data is in record data.
--------------------------------------------------------------------------------------------------------------

The reason that Kerberos logging has been enabled was to help try and
resolve some account lockout issues we were having. Any idea's on what
is causing these log entries and a solution would be much appreciated!

.

---

• References:
  • kerberos errors
    • From: guitar_madness

• Prev by Date: Re: how can i hide/restrict desktop from save as windows
• Next by Date: Re: Defautl Hidden Shares
• Previous by thread: kerberos errors
• Next by thread: 802.1x Wired Config - automated method needed
• Index(es):
  • Date
  • Thread

---

Relevant Pages Event ID:3 Numerous Kerberos Errors ... Server: krbtgt/domain.COM@xxxxxxxxxx ... A Kerberos Error Message was received: ... Client Realm: ... Error Data is in record data. ... (microsoft.public.windows.server.general) Re: kerberos ... Client Realm: ... Server Realm: MYDOMAIN.COM ... Error Data is in record data. ... (microsoft.public.win2000.security) Trusted domain not show in "Entire Directory" list. ... Client Realm: ... Server Realm: OLD_DOMAIN.COM ... Error Data is in record data. ... (microsoft.public.windows.server.active_directory) Re: SetSPN problem ... > Jasper Smith (SQL Server MVP) ... > Client Realm: ... > Error Data is in record data. ... (microsoft.public.sqlserver.security) Re: Event ID 3 Kerberos KDC_ERR_S_PRINCICAL_UNKNOWN ... Paul Bergson ... there is the cifs/127.0.0.1 setup as the Server Name and Target Name. ... Encryption Type are the same for cifs and host but the Key Encryption Type ... Error Data is in record data." ... (microsoft.public.windows.server.active_directory)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.win2000.security  > 2006-04