Event ID 677 Kerberos

[Alice Spencer]

Hello All
I have the following enviromnent; two DC's in a single native mode windows
2000 domain. Both servers are running AD integrated DNS.
All other machines are Windows 2000/SP4 and latest updates from windows
update.
My security security event logs on the DC's are littered with 677 (failure
code 0x6) errors.
After a bit of research, it appears that accounts are falling back to NTLM
authentication, ie Kerberos is failing.
Failure Code 6 is "Client not found in Kerberos database ". How do I fix
this and why is it happening?
There is a QArticle 302879 which says this is fixed in SP3 but I have no NT4
Could this be a DNS configuration issue? Everything is set at default in
DNS.
Thanks for any tips and help offered
Alice Spencer

 

[Matjaz Ladava [MVP]]

first run dcdiag and netdiag on your server which could yield more info.
Post the results here. Also see
http://www.eventid.net/display.asp?eventid=677 for some hints.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com

 

[Alice Spencer]

dcdiag and netdiag run fine on both domain controllers reporting no errors.
netdiag on one of the member servers reports that the dc's are down. In
spite of this, one is able to log on ok with no error messages.
The dc's are 'pingable' from this member server so connectivity is there.
Also I deleted the dns record for this server waited until this change
propagated through the AD, restarted the machine and found that it had
sucessfully reregistered itself with the DNS server (this also propogated
throught the AD ok).

Alice
PS Sql replication is in use - is this a non kerberos aware app ?