NetDiag error...

T

Tom Jones

Have run netdiag /v and redirected to a .log file. Only
one error that I was able to find. Here it is:

Kerberos test. . . . . . . . . . . : Failed
Cached Tickets:
Server: krbtgt/mydomain.com
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: krbtgt/mydomain.com
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: dc01$
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: dc04$
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: ldap/dc04.mydomain.com/mydomain.com
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: ldap/dc01.mydomain.com/mydomain.com
End Time: 11/20/2003 6:46:28
Renew Time: 11/26/2003 20:46:28
Server: ws2-03$
End Time: 11/18/2003 23:38:25
Renew Time: 11/25/2003 13:38:25
[FATAL] Kerberos does not have a ticket for TS02$.

This is running on a Terminal Server. We have five
servers running WIN2000 Server SP3: two DCs/GCs, one
member server as the File/Print Server, one member server
running TS and one member server running Exchange 2000
SP3.

The last entry is a workstation in our environment (
running WIN2000 Pro SP3 - small chance running SP4 ).

Additionally, in another section there were also a very
high number of failed connections ( something like
1800 ). The other server had either 0 failed connections
or 10 at the most. Not sure how to diagnose this.

Anyone have any pointers?

TIA,

Tom
 
S

Steve

Hi Tom
We get the Kerberos ticket drop outs on servers sometimes
I normally would log on to the computer with an admin account
run a at job to open a interactive command window under the system account
context
at time /Interactive cmd.exe
Then view the tickets using Kerbray.exe, ran from within the cmd window this
allows you to view the computers tickets and not your own.
You can then purge the tickets
I would then use SETSPN -L to check the spns were registered correctly.
if not then register them using setspn -r you can use the a switch to add an
arbitrary SPN
also check the workstation is in time sync with the DC as this can cause
Kerberos issues check the dcs are in sync also.

hth
 
S

Steve

PS
I meant server not workstation, and by sync I mean time sync if its out by
more than Kerberos allows then you will have problems
Q216734. I believe shows setting an external authoritative time source with
the dc that performs the PDC emulator role, (normally the first installed dc
in the domain unless you have transferred the role)

rgds
Steve


Steve said:
Hi Tom
We get the Kerberos ticket drop outs on servers sometimes
I normally would log on to the computer with an admin account
run a at job to open a interactive command window under the system account
context
at time /Interactive cmd.exe
Then view the tickets using Kerbray.exe, ran from within the cmd window this
allows you to view the computers tickets and not your own.
You can then purge the tickets
I would then use SETSPN -L to check the spns were registered correctly.
if not then register them using setspn -r you can use the a switch to add an
arbitrary SPN
also check the workstation is in time sync with the DC as this can cause
Kerberos issues check the dcs are in sync also.

hth

--
Rgds
Steve
Please Reply to Group


Tom Jones said:
Have run netdiag /v and redirected to a .log file. Only
one error that I was able to find. Here it is:

Kerberos test. . . . . . . . . . . : Failed
Cached Tickets:
Server: krbtgt/mydomain.com
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: krbtgt/mydomain.com
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: dc01$
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: dc04$
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: ldap/dc04.mydomain.com/mydomain.com
End Time: 11/20/2003 17:10:28
Renew Time: 11/27/2003 7:10:28
Server: ldap/dc01.mydomain.com/mydomain.com
End Time: 11/20/2003 6:46:28
Renew Time: 11/26/2003 20:46:28
Server: ws2-03$
End Time: 11/18/2003 23:38:25
Renew Time: 11/25/2003 13:38:25
[FATAL] Kerberos does not have a ticket for TS02$.

This is running on a Terminal Server. We have five
servers running WIN2000 Server SP3: two DCs/GCs, one
member server as the File/Print Server, one member server
running TS and one member server running Exchange 2000
SP3.

The last entry is a workstation in our environment (
running WIN2000 Pro SP3 - small chance running SP4 ).

Additionally, in another section there were also a very
high number of failed connections ( something like
1800 ). The other server had either 0 failed connections
or 10 at the most. Not sure how to diagnose this.

Anyone have any pointers?

TIA,

Tom
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

WCG Stats Sunday 30 July 2023 2
WCG Stats Monday 31 July 2023 3
WCG Stats Thursday 20 July 2023 3
WCG Stats Sunday 20 August 2023 3
WCG Stats Tuesday 13 December 2022 4
WCG Stats Sunday 27 August 2023 3
WCG Stats Thursday 13 July 2023 3
WCG Stats Thursday 22 June 2023 3

Top