Kerberos Errors on server

[Ron L]

We have a server that is on an intranet (with no connection to the outside).
The server is Win2k SP3, but was upgraded from NT4 SP6a. The server is a
domain controller and is also the SQL 2000 and IIS server for the domain.
We have been noticing a large number of Kerberos errors in our system log.
These errors are

The function InitializeSecurityContext received a Kerberos Error Message:

on logon session

Client Time:

Server Time: 18:28:27.0000 4/1/2004 (null)

Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN

Client Realm:

Client Name:

Server Realm: MYHOST.MYCOMPANY.NET

Server Name: krbtgt/MYHOST.MYCOMPANY.NET

Target Name: HOST/[email protected]

Error Text:

File:

Line:

Error Data is in record data.



Besides our intranet clients, we have 2 clients whose main login is to
another domain using their wired NICs. These clients access our intranet
via a seperate wireless NIC installed in each machine, and do not log into
our domain. Their access is completely via our IIS application; the IIS
application does, however, require authentication, so whenever one of these
systems access our IIS application they are required to login using the
standard windows login popup. The authentication method we use is
Integrated Windows Authentication. Could these kerberos errors be due to
these 2 clients since their kerberos tokens would be generated from a domain
that our domain knows nothing about, or do we have a serious problem with
our kerberos in our domain?

TIA
Ron L

 

[Jerold Schulman]

See if tip 5414 in the 'Tips & Tricks' at http://www.jsiinc.com helps.

We have a server that is on an intranet (with no connection to the outside).
The server is Win2k SP3, but was upgraded from NT4 SP6a. The server is a
domain controller and is also the SQL 2000 and IIS server for the domain.
We have been noticing a large number of Kerberos errors in our system log.
These errors are

The function InitializeSecurityContext received a Kerberos Error Message:

on logon session

Client Time:

Server Time: 18:28:27.0000 4/1/2004 (null)

Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN

Client Realm:

Client Name:

Server Realm: MYHOST.MYCOMPANY.NET

Server Name: krbtgt/MYHOST.MYCOMPANY.NET

Target Name: HOST/[email protected]

Error Text:

File:

Line:

Error Data is in record data.



Besides our intranet clients, we have 2 clients whose main login is to
another domain using their wired NICs. These clients access our intranet
via a seperate wireless NIC installed in each machine, and do not log into
our domain. Their access is completely via our IIS application; the IIS
application does, however, require authentication, so whenever one of these
systems access our IIS application they are required to login using the
standard windows login popup. The authentication method we use is
Integrated Windows Authentication. Could these kerberos errors be due to
these 2 clients since their kerberos tokens would be generated from a domain
that our domain knows nothing about, or do we have a serious problem with
our kerberos in our domain?

TIA
Ron L

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Ron L]

Jerold
Thanks for the response. Was 5414 the article you meant? If so, I'm
afraid that I fail to see the connection between my problem and the lack of
a reliable time source.

Ron Lounsbury

See if tip 5414 in the 'Tips & Tricks' at http://www.jsiinc.com helps.