Windows 7 Clients cannot authenticate with User Kerberos

  • Question

  • Hello! We deployed DA with Windows Server 2012 R2 last year. We built a cluster with two machines. Our clients are Windows 7 SP1 with DCA 2.0 and fully patched. DA is configured to use force tunneling with smart card authentication. Everything worked fine until now. For some reason some (not all!) of the Windows 7 clients are not able to authenticate with Kerberos but User NTLM. The machine tunnel works but the user is not able to reach the network drives or Exchange with Outlook.

    I am able to see many LSA entries on the client.

    On the servers there are many SChannel errors:

    A fatal error occurred while creating an SSL client credential. The internal error state is 10013.

    A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

    A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

    An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    All these errors are new as of a few days ago and we don't know what to do! Please help!

    Tuesday, January 13, 2015 2:42 PM