No Kerberos Tickets Generated
i'm trying figure out might causing 1 of servers in resource domain (trusting) not authenticate using kerberos. second of 2 servers created in environment. first server working correctly , kerberos tickets correct using klist. when log second server, following:
using klist utility returns:
current logonid 0:0x19ea7c
error calling api lsacallauthenticationpackage (ticket granting ticket substatus): 1312
klist failed 0x8009030e/-2146893042: no credentials available in security package
on domain controller, see event logged seems using ntlm instead of kerberos
event id: 540
logon type: 3
logon process: ntlmssp
authentication package: ntlm
in general, recommended create matching site names when operating in multi-forest environment. primary benefit of confgiuration ability localize cross-forest authentication - i.e. user domain b logs on computer in domain authetnicated dc domain b resides in same site local computer.
i'd expect kerberos auth to work regardless whether in place or not (although not in optimal manner). the change made led different domain controller trusted domain performing authentication - if want investigate further, i'd suggest focusing on checking dns name resolution/communication between server , authenticating dc...
hth
marcin
Windows Server > Directory Services
Comments
Post a Comment