Re: Kerberose messages while File Replication
- From: DaveMo <david.mowers@xxxxxxxxx>
- Date: Thu, 12 Feb 2009 09:05:08 -0800 (PST)
On Feb 11, 6:46 pm, montu <mo...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I am trying to decrypt File replication protocol messages using RC4-HMAC
algorithm. For this reason I need to have AS response Ticket. I am unable to
see Kerberos Packet exchange using Netmon.
"DaveMo" wrote:
On Feb 10, 1:00 pm, montu <mo...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I would like to know how to generate Kerberos messages at the time of file
replication service on Windows 2003 as client and another Windows 2003 as
server.
Right now replication is happening successfully, but the message
sequence for AS request/response is not visible.
I have already tried disabling pre-authentication, with no luck.
I'm not exactly sure what you are after, but you can see what's
happening in Kerberos by turning on Kerb logging or using Netmon.
Here's how to do the former:
(note: the following was extracted from a very good article but I lost
the link and Google is failing me. Many apologies to the author!)
4.3. Local Security Authority (LSA)
In Windows Server 2003, both the Kerberos authentication package and
KDC service can be configured to log debug information, in a file
named lsass.log.
To enable logging in a file, the LogToFile registry value must be set
to 1:
Key: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value: LogToFile (REG_DWORD)
Content: 1 (to enable logging)
Then, the KerbDebugLevel registry value must be added and configured
to specify what kind of Kerberos events must be logged:
Key: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Value: KerbDebugLevel (REG_DWORD)
The following list gives the common debug values that must be used to
build a binary mask specified in KerbDebugLevel:
Errors: 0x00000001
Warnings: 0x00000002
Tracing: 0x00000004
API tracing: 0x00000008
Credential related tracing: 0x00000010
Security Context tracing: 0x00000020
Logon Session tracing: 0x00000040
Logon tracing: 0x00000100
KDC tracing: 0x00000200
Detailed Security Context tracing: 0x00000400
Time related tracing: 0x00000800
User related tracing: 0x00001000
Leak related tracing: 0x00002000
WinSock related tracing: 0x00004000
SPN cache tracing: 0x00008000
S4U Errors: 0x00010000
S4U tracing: 0x00020000
Loopback tracing: 0x00080000
Ticket renewal tracing: 0x00100000
User to User tracing: 0x00200000
Locks tracing: 0x01000000
In the Troubleshooting Kerberos errors document, Microsoft recommends
setting the KerbDebugLevel value to 0xc0000043 for typical debugging
work.
In Windows Server 2003, the KDC service can also be configured to log
debugging information, by adding the KdcDebugLevel registry value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\Kdc
Value: KdcDebugLevel (REG_DWORD)
The common debug values for KdcDebugLevel are:
Errors: 0x00000001
Warnings: 0x00000002
Tracing: 0x00000004
API tracing: 0x00000008
Credential related tracing: 0x00000010
Security Context tracing: 0x00000020
Logon Session tracing: 0x00000040
Logon tracing: 0x00000100
KDC tracing: 0x00000200
Detailed Security Context tracing: 0x00000400
Time related tracing: 0x00000800
User related tracing: 0x00001000
Leak related tracing: 0x00002000
WinSock related tracing: 0x00004000
SPN cache tracing: 0x00008000
S4U Errors: 0x00010000
S4U tracing: 0x00020000
Loopback tracing: 0x00080000
Ticket renewal tracing: 0x00100000
User to User tracing: 0x00200000
Locks tracing: 0x01000000
Use Extended Errors: 0x10000000
The KdcExtraLogLevel registry value can be added for extra KDC
logging:
Key: HKLM\SYSTEM\CurrentControlSet\Services\Kdc
Value: KdcExtraLogLevel (REG_DWORD)
Default value: 0x2
The following extra log levels are defined:
Audit SPN unknown errors: 0x1
Log detailed PKINIT1 errors: 0x2
Log all KDC errors with KLIN information: 0x4
Table 12. Local Security Authority
Filename | Service or program | Windows version | Description
%systemroot%\system32\lsass.log | LSA | W2K3 | Kerberos authentication package debugging
%systemroot%\system32\lsass.log | KDC service | W2K3 | KDC service debugging
Based on the limited information provided there are two possibilities:
1) Authentication is using NTLM - do you see any authentication
traffic in Netmon?
2) The client already has a service ticket in which case it won't go
get another. We have an enhanced version of the resource kit tool
klist that has better capabilities to selectively purge and fetch Kerb
tickets here: www.securitay.com/support.
HTH,
Dave
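
Added example, not part of the original post or the quoted article: composing and decoding the KerbDebugLevel bit mask from the flag list above, and rendering a .reg file for the Kerberos Parameters key. The function names are illustrative; decoding the recommended value 0xc0000043 shows that its top two bits are not among the listed flags.

```python
# Added example (not from the post or the quoted article). Flag values are the
# ones listed for KerbDebugLevel above; the function names are illustrative.
KERB_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters"

KERB_DEBUG_FLAGS = {
    "Errors": 0x00000001, "Warnings": 0x00000002,
    "Tracing": 0x00000004, "API tracing": 0x00000008,
    "Credential related tracing": 0x00000010, "Security Context tracing": 0x00000020,
    "Logon Session tracing": 0x00000040, "Logon tracing": 0x00000100,
    "KDC tracing": 0x00000200, "Detailed Security Context tracing": 0x00000400,
    "Time related tracing": 0x00000800, "User related tracing": 0x00001000,
    "Leak related tracing": 0x00002000, "WinSock related tracing": 0x00004000,
    "SPN cache tracing": 0x00008000, "S4U Errors": 0x00010000,
    "S4U tracing": 0x00020000, "Loopback tracing": 0x00080000,
    "Ticket renewal tracing": 0x00100000, "User to User tracing": 0x00200000,
    "Locks tracing": 0x01000000,
}

def build_mask(names):
    """OR the named flags together; an unknown name raises KeyError."""
    mask = 0
    for name in names:
        mask |= KERB_DEBUG_FLAGS[name]
    return mask

def decode_mask(value):
    """Return (listed flag names set in value, bits not covered by the list)."""
    names = [n for n, bit in KERB_DEBUG_FLAGS.items() if value & bit]
    leftover = value & ~build_mask(KERB_DEBUG_FLAGS) & 0xFFFFFFFF
    return names, leftover

def reg_file(kerb_debug_level):
    """Render .reg text that sets LogToFile=1 and KerbDebugLevel (REG_DWORD)."""
    if not 0 <= kerb_debug_level <= 0xFFFFFFFF:
        raise ValueError("REG_DWORD must fit in 32 bits")
    return "\r\n".join([
        "Windows Registry Editor Version 5.00",
        "",
        "[" + KERB_KEY + "]",
        '"LogToFile"=dword:00000001',
        '"KerbDebugLevel"=dword:%08x' % kerb_debug_level,
        "",
    ])

if __name__ == "__main__":
    names, leftover = decode_mask(0xC0000043)  # value recommended in the quoted article
    print(names, hex(leftover))
    print(reg_file(build_mask(["Errors", "Warnings", "KDC tracing"])))
```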