Hello, we had have kerberos log activated yesterday while we test the
system. We received basically 2 kind of event log messages. I
copy/paste (I have traslated they ... it could not match the original
english labels):
Notes:
DC Server Name: GPRSServer01 (DC, Sql Server, A.Directory, ...)
Domain DNS name: distromel.gprs
Client Server Name: GPRSServer03 (when service is running)
* System Event logs in GPRSServer03
****************************************************************
An error message was received from Kerberos: in logon
Client time:
Server time: 10:33:9.0000 6/9/2004 Z
Error code: 0xd KDC_ERR_BADOPTION
Extended error: 0xc00000bb KLIN(0)
Client Domain:
Client Name:
Server domain: DISTROMEL.GPRS
Server name: host/gprsserver03.distromel.gprs
Destiny name: host/(E-Mail Removed)
Error text:
File: 9
Line: ab8
* System Event logs in GPRSServer01
****************************************************************
(15 messeages in a morning of the following type. I think this is
caused by other services, not ours)
An error message was received from Kerberos: in logon
Client time:
Server time: 10:47:48.0000 6/9/2004 Z
Error code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended error:
Client Domain:
Client Name:
Server domain: DISTROMEL.GPRS
Server name: cifs/distromel.gprs
Destiny name: cifs/(E-Mail Removed)
Error text:
File: 9
Line: ab8
(5-6 messeages in a morning of the following type)
An error message was received from Kerberos: in logon
Client time:
Server time: 10:37:48.0000 6/9/2004 Z
Error code: 0xd KDC_ERR_BADOPTION
Extended error: 0xc00000bb KLIN(0)
Client Domain:
Client Name:
Server domain: DISTROMEL.GPRS
Server name: host/gprsserver01.distromel.gprs
Destiny name: host/(E-Mail Removed)
Error text:
File: 9
Line: ab8
I hope it will be enough,
Thanks and best regards,
Raul Truco
"Steven Umbach" <(E-Mail Removed)> wrote in message news:<8qJxc.72773$Ly.64525@attbi_s01>...
> I don't know what the problem is but if you have not done such you may want to
> enable kerberos logging to give you more detail of what is going on in the
> kerberos process - not that I could interpret the results --- Steve
>
> http://support.microsoft.com/?id=262177
>
> "raul" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
> > Hello,
> >
> > We have a problem autenticating a user between 2 machines in the same
> > domain with Kerberos. I'll try to explain our scenario.
> >
> > We have a Windows 2003 Server (Enterprise Edition) acting as Domain
> > Controller with Sql Server 2000 Sp3 running on it. Sql Server process
> > runs with a custom uesr domain account (SqlCustomUser) (no
> > Localsystem account). In the same domain we have another Windows 2003
> > Server with a custom Windows Service (developed with .Net) which runs
> > with another domain user account (ServiceCustomUser). We have
> > configure the Sql Server to grant access to this service user and the
> > service connects to Sql Server using Windows Autentication.
> >
> > When our service try to connect to a d.b., Kerberos authentication
> > fails after 1-2 minutes, and finally the conection is stablished using
> > NTLM. This is our conclusion after reading several articles and forums
> > of the web. We have tried several workarounds (Delegation, creation of
> > 'Service Principal Names' with SetSpn.exe, ...) but we haven't get it
> > yet.
> >
> > Any idea will be well appreciated
> >
> > Raśl Truco,
> >
> > More info: There isn't any firewall, the network is a standar
> > ethernet, and if we use Sql Autentication all works ok.
Similar Threads
