locked
Windows Server 2012 - No response for request to KDC Proxy Server. RRS feed

  • Question

  • Hello,

    I am trying to test KDCProxy without Direct Access on Windows Server 2012 r2. There is no response from KDC Proxy for the request and neither I can see any error in event logs.

        POST /KDCPROXY HTTP/1.0 (application/kerberos)

    The command "netsh http show service" displays an entry HTTPS://*:443/KDCPROXY and KPSSVC service is running without any error.

    What could be the possible reason? Is there any way to enable logging for KPSSVC service ?

    It would be great if someone can direct me to KDC Proxy setup guide(without direct access).

    Thanks

    Tuesday, March 3, 2015 11:24 AM

All replies

  • Hi iamish,

    As far as I know there don’t have the known doc indicate the PDC proxy can separately installed. The KDC proxy service is installed with select DirectAccess or Remote Desktop solutions to provide a way for Kerberos authentication to be used by Internet clients. DirectAccess and Remote Desktop clients create a TLS/SSL secure channel to the KDC proxy service running on the DirectAccess server or Remote Desktop Gateway (RD Gateway). To obtain the service ticket for the DirectAccess server or the Remote Desktop server, Kerberos messages are sent to the corresponding KDC proxy service. The service sends the request to a domain controller in the corporate network, and then returns the response.

    For some deployments of DirectAccess and Remote Desktop Services solutions with Windows Server 2012, the KDC proxy service is available by default.

    The related KB:

    What's New in Kerberos Authentication

    https://technet.microsoft.com/en-us/library/hh831747.aspx

    More related article:

    Enriched Remote Access experience in Windows Server 2012

    http://blogs.technet.com/b/mspfe/archive/2012/09/20/enriched-remote-access-experience-in-windows-server-2012.aspx

    I’m glad to be of help to you!


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    • Proposed as answer by SpaceTime_L Wednesday, March 18, 2015 9:15 AM
    Wednesday, March 4, 2015 3:29 AM
  • Hi Alex,

    Thanks a lot for your quick response.

    The last paragraph and the fig 10 KKDCP deployment environment in the below link exactly describes what I am trying to achieve.

        https://msdn.microsoft.com/en-us/library/gg604570.aspx

    I couldn't find any helpful link related to server setup or deployment and was trying based on the given deployment model.

    Thanks.

    Wednesday, March 4, 2015 6:20 AM
  • may it not support scenario
    Wednesday, March 18, 2015 9:16 AM
  • Hi all,

    I was able to successfully test KDC Proxy feature on Windows Server 2012 r2. I had to install "Remote Desktop Gateway" under "Remote Desktop Services" role.

    No need to install Direct Access provider.

    I logged in from Win-8 PC and was able to get HTTP 200 response and Kerberos ticket.


    • Marked as answer by iamish Tuesday, March 31, 2015 10:17 AM
    • Unmarked as answer by iamish Tuesday, March 31, 2015 10:18 AM
    • Edited by iamish Tuesday, March 31, 2015 10:23 AM updated
    Tuesday, March 31, 2015 10:15 AM
  • Dear Iamish,

    Can you please share the KDC proxy setup procedure? 

    Regards,

    Basavaraja


    basavaraja

    Wednesday, November 18, 2015 1:32 PM