Windows 2003 r2 Kerbero logs on server

-

hi,

i'm getting lot of kerbero errors on 1 of servers. have search errors online see causing i couldn't see anything.

0x7  kdc_err_s_principal_unknown = server not found in kerberos database.
0x34 - krb_err_response_too_big = response big udp, retry tcp.
0xd kdc_err_badoption = kdc cannot accommodate requested option.

windows 2003 r2 32 bites.

please find my mps reporting tool logs

https://skydrive.live.com/redir?resid=b9b74f2b701a14dd!118

1st error

event type: error
event source: kerberos
event category: none
event id: 3
date: 25/06/2012
time: 11:42:45
user: n/a
computer: my_server
description:
kerberos error message received:
         on logon session 
 client time: 
 server time: 10:42:35.0000 6/25/2012 z
 error code: 0xd kdc_err_badoption
 extended error: 0xc00000bb klin(0)
 client realm: 
 client name: 
 server realm: domain.com
 server name: host/my_server.domain.com
 target name: host/my_server.domain.com@domain.com
 error text: 
 file: 9
 line: b22
 error data in record data.

more information, see , support center @ http://go.microsoft.com/fwlink/events.asp.
data:
0000: 30 15 a1 03 02 01 03 a2   0.¡....¢
0008: 0e 04 0c bb 00 00 c0 00   ...»..À.
0010: 00 00 00 03 00 00 00      ....... 

2nd error

event type: error
event source: kerberos
event category: none
event id: 3
date: 25/06/2012
time: 11:39:08
user: n/a
computer: my_domain
description:
kerberos error message received:
         on logon session 
 client time: 
 server time: 10:38:47.0000 6/25/2012 z
 error code: 0x7  kdc_err_s_principal_unknown
 extended error: 
 client realm: 
 client name: 
 server realm: domain.com
 server name: our_dc.domain.com
 target name: our_dc.domain.com@domain.com

 error text: 
 file: 9
 line: b22
 error data in record data.

more information, see , support center @ http://go.microsoft.com/fwlink/events.asp.

3rd error

event type: error
event source: kerberos
event category: none
event id: 3
date: 25/06/2012
time: 11:39:07
user: n/a
computer: my_domain
description:
kerberos error message received:
         on logon session domain\user_id
 client time: 
 server time: 10:38:46.0000 6/25/2012 z
 error code: 0x34 krb_err_response_too_big
 extended error: 
 client realm: 
 client name: 
 server realm: domain
 server name: krbtgt/domain
 target name: krbtgt/domain@domain
 error text: 
 file: e
 line: 6c0
 error data in record data.

more information, see , support center @ http://go.microsoft.com/fwlink/events.asp.

try this.

suggest you can change maxpacketsize 1 force the computer use kerberos traffic over tcp instead of udp. this, follow these steps:    

  • start registry editor.
  • locate , click following registry subkey:
    <samp>hkey_local_machine\system\currentcontrolset\control\lsa\ kerberos\parameters</samp>
    note if the parameters key not exist, create now.
  • on the edit menu, point to new, , click dword value.
  • type maxpacketsize, , press enter.
  • double-click maxpacketsize, type 1 in the value data box, click select the decimal option, , click ok.
  • quit registry editor.
  • restart computer.

more information please refer following article:

how force kerberos use tcp instead of udp in windows: http://support.microsoft.com/kb/244474

check this

http://social.technet.microsoft.com/forums/en-us/winserverds/thread/78f1026a-7531-4228-b00a-4a334810b539/

still nothing.

hi.

on server using regedit modified registry key (1) default value of (0)
   hkey_local_machine\system\currentcontrolset\control\lsa\kerberos\parameters
   entry: loglevel
   type: reg_dword
   default value: 0 

kdc_err_s_principal_unknown    0x7  server not found in kerberos database
http://www.ietf.org/rfc/rfc4120.txt  kerberos protocol registry entries , kdc configuration keys in windows server 2003
http://support.microsoft.com/kb/837361/en-us
in addition, whether account using third party programs when error occurs?
regards,
yan li

yan li

technet community support



Windows Server  >  Security



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more