none
Errors 4769 (0x1b) and 4625 after upgrading domain controllers to 2008 R2

    Question

  • Hi!

    Recently we upgraded our domain controllers to 2008 R2. And we have some problems with one application afterwards...

    We have application server which uses fat client and separate (ms) sql database. If I start connection to application from my fat client on Windows XP SP3 workstation I get error something like "cannot connect to server, error with security package...". At the same time error 4769 (0x1b) is logged to domain controller security log, username is service account. And at the same time also event 4625 is logged into application server security log - user account failed to log on.

    Any hints?

    Thanks,


    UV
    Friday, December 16, 2011 12:38 PM

Answers

  • Hi,

     

    I assume the description in Event 4769 is "A Kerberos service ticket was requested". Then, the error code 0x1b means " KDC_ERR_MUST_USE_USER2USER: Server principal valid for user2user only".

     

    To solve this problem, you need to set an SPN for that service. For more information, please refer to:

     

    Service Principal Names (SPNs)

    http://social.technet.microsoft.com/wiki/contents/articles/717.aspx

     

    Service Logons Fail Due to Incorrectly Set SPNs

    http://technet.microsoft.com/en-us/library/cc772897(WS.10).aspx

     

    If this does not address the problem, please let us know more information about the event error.

     

    Regards,

    Bruce

    Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by urmasv Wednesday, December 21, 2011 10:09 AM
    Monday, December 19, 2011 9:45 AM