none
Kerberos Tickets expire during laptop sleep / VPN

    Question

  • Win7, Kerberos, VPN, TGT & ST Lifetime domain default, smartcard

    Users works on a corporate site during day and shut their laptopcover when they go home (sleep-mode).

    When home, they open their laptop and are presented with the CTRL-ALT-DEL screen. They use their smartcard, and logon with cached credentials. Next, they start the VPN application and create a connection back to the corporate network. However, when the VPN is set-up and they try to use their applications they left open in the taskbar when they went home, for the various applications a logon-box is presented.

    Investigation led us to the fact that the Kerberos Service Tickets have expired and need to be renewed. I've also seen situations (lab) where only the TicketGrantingTicket is left in the authenticationstore, and the ServiceTickets are purged?

    Have any of you run into this situation, and what solution did you apply? Can someone explain what is the default behaviour, regarding kerberos tickets, in such a situation?

    Thanks in advance for any insights

    Friday, February 17, 2012 11:29 AM

All replies

  •  

    Hi,

    According to your description, I suggest to contact  this forum for further help:

    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/threads

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us.

    Thank you for your understanding.

    Regards,

    Leo   Huang


    Leo Huang

    TechNet Community Support




    Wednesday, February 22, 2012 6:48 AM
    Moderator
  • Leo,

    Thanks for the suggestion, but your link leads me to a gaming-forum. Typo?

    I did try to find a 'kerberos' forum on Technet, but could not find one.

    Regards, Armex

    Wednesday, February 22, 2012 7:29 PM
  • Hi,

    Sorry for the incorrect link. I have change the link to our server forum.

     

    Regards,

    Leo   Huang


    Leo Huang

    TechNet Community Support

    Thursday, February 23, 2012 6:02 AM
    Moderator