Remove From My Forums

Entre 3 Controleurs de Domaine Erreurs Kerberos

Discussion générale
0

Connectez-vous pour voter
Bonjour, mon parc AD en 2008R2 est maintenu par 3 contrôleurs de domaine (DC01, DC02 & DC03)

Sur le 2e et 3e DC, j'ai régulièrement des erreurs "Security-Kerberos". Comment les résoudre ?

voici pour mon 2e DC :

A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 12:13:4.0000 5/6/2014 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: NOMDUDOMAINE.COM
Server Name: DC02$@NOMDUDOMAINE.COM
Target Name: DC02$@NOMDUDOMAINE.COM@NOMDUDOMAINE.COM
Error Text:
File: 9
Line: f09
Error Data is in record data.
----------------------------------------------------------
A Kerberos Error Message was received:
on logon session NOMDUDOMAINE.COM\DC02$
Client Time:
Server Time: 9:54:30.0000 5/6/2014 Z
Error Code: 0x19 KDC_ERR_PREAUTH_REQUIRED
Extended Error:
Client Realm:
Client Name:
Server Realm: NOMDUDOMAINE.COM
Server Name: krbtgt/NOMDUDOMAINE.COM
Target Name: krbtgt/NOMDUDOMAINE.COM@NOMDUDOMAINE.COM
Error Text:
File: e
Line: 9fe
Error Data is in record data.

et les erreurs reçus sur mon 3e DC :

A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 12:6:57.0000 5/6/2014 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: NOMDUDOMAINE.COM
Server Name: DC03$@NOMDUDOMAINE.COM
Target Name: DC03$@NOMDUDOMAINE.COM@NOMDUDOMAINE.COM
Error Text:
File: 9
Line: f09
Error Data is in record data.
----------------------------------------------------------
A Kerberos Error Message was received:
on logon session NOMDUDOMAINE\admin01
Client Time:
Server Time: 11:59:59.0000 5/6/2014 Z
Error Code: 0x19 KDC_ERR_PREAUTH_REQUIRED
Extended Error:
Client Realm:
Client Name:
Server Realm: NOMDUDOMAINE
Server Name: krbtgt/NOMDUDOMAINE
Target Name: krbtgt/NOMDUDOMAINE@NOMDUDOMAINE
Error Text:
File: e
Line: 9fe
Error Data is in record data.

Par contre je précise sur le 1er DC , il n'y a pas d'erreurs. Enfin, celui qui est FSMO c'est DC02

merci
- Modifié Nicolas C13160 mardi 6 mai 2014 13:18
- Type modifié Dan BajenaruMicrosoft employee mercredi 21 mai 2014 11:33 attente de feedback
mardi 6 mai 2014 12:23

Toutes les réponses

0

Connectez-vous pour voter

Bonjour,

Avez vous une infra PKI au sein de votre société ? le rôle AD CS est mis en place ?

A+

HK.
Hicham KADIRI | Just Another IT Guy

mardi 6 mai 2014 18:50
0

Connectez-vous pour voter

oui exact je l'avais installer par nécessité car à un moment il était question que les MesDocuments des utilisateurs soient cryptés.

mercredi 7 mai 2014 11:47
0

Connectez-vous pour voter

pas de réponse ? :(

lundi 12 mai 2014 12:16
0

Connectez-vous pour voter

pas de réponse ? :(

Bonjour Nicolas,

Peux-tu faire des "dcdiag" sur tes DC ?
Blog
Scripts

lundi 12 mai 2014 12:21
0

Connectez-vous pour voter
Bonjour Nicolas,

Désolé du retard concernant ma réponse, j'ai oublié ce thread :$

en fait le message d'erreur que vous avez est souvent lié à l'absence du certificat sur votre DC (pour votre cas, DC02 & DC03).

Je l'ai eu il y'a quelques années après quelques temps de diagnostique, j'ai constaté la chose suivante :

Ce message peut être ignoré si aucune authentification par carte à puce n'est requise.

En gros, si vous avez déployé une infra PKI pour permettre à vos users de s'authentifier par Badge par exemple ou toute autre carte à puce sur vos DC eh bien, il faudrait déployer le cert approprié sur l'ensemble de vos DC, si aucune auth par smart cart n'est requis, vous pouvez tt simplement ignorer ces erreurs.

Vous n'aurez aucun problème de fonctionnement :).

J'espère avoir répondu à votre question.

A+

HK.

Hicham KADIRI | Just Another IT Guy
- Modifié Hicham KADIRI - MTFCMVP lundi 12 mai 2014 12:26
lundi 12 mai 2014 12:25

Connectez-vous pour voter

le DCDiag de mon 3e DC:

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = DC03

   * Identified AD Forest. 
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\DC03

      Starting test: Connectivity

         ......................... DC03 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\DC03

      Starting test: Advertising

         ......................... DC03 passed test Advertising

      Starting test: FrsEvent

         ......................... DC03 passed test FrsEvent

      Starting test: DFSREvent

         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems. 
         ......................... DC03 failed test DFSREvent

      Starting test: SysVolCheck

         ......................... DC03 passed test SysVolCheck

      Starting test: KccEvent

         ......................... DC03 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... DC03 passed test

         KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... DC03 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... DC03 passed test NCSecDesc

      Starting test: NetLogons

         ......................... DC03 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... DC03 passed test

         ObjectsReplicated

      Starting test: Replications

         ......................... DC03 passed test Replications

      Starting test: RidManager

         ......................... DC03 passed test RidManager

      Starting test: Services

         ......................... DC03 passed test Services

      Starting test: SystemLog

         An error event occurred.  EventID: 0x80000003

            Time Generated: 05/15/2014   13:22:04

            Event String: A Kerberos Error Message was received:


         An error event occurred.  EventID: 0x80000003

            Time Generated: 05/15/2014   13:34:25

            Event String: A Kerberos Error Message was received:


         An error event occurred.  EventID: 0x80000003

            Time Generated: 05/15/2014   13:34:27

            Event String: A Kerberos Error Message was received:


         An error event occurred.  EventID: 0x80000003

            Time Generated: 05/15/2014   13:37:05

            Event String: A Kerberos Error Message was received:


         An error event occurred.  EventID: 0x80000003

            Time Generated: 05/15/2014   13:41:10

            Event String: A Kerberos Error Message was received:


         An error event occurred.  EventID: 0x80000003

            Time Generated: 05/15/2014   13:52:06

            Event String: A Kerberos Error Message was received:


         An error event occurred.  EventID: 0x80000003

            Time Generated: 05/15/2014   14:00:00

            Event String: A Kerberos Error Message was received:


         An error event occurred.  EventID: 0x80000003

            Time Generated: 05/15/2014   14:07:06

            Event String: A Kerberos Error Message was received:


         ......................... DC03 failed test SystemLog

      Starting test: VerifyReferences

         ......................... DC03 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : mondomaine

      Starting test: CheckSDRefDom

         ......................... mondomaine passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... mondomaine passed test

         CrossRefValidation

   
   Running enterprise tests on : mondomaine.com

      Starting test: LocatorCheck

         ......................... mondomaine.com passed test LocatorCheck

      Starting test: Intersite

         ......................... mondomaine.com passed test Intersite

DCDiag de mon 2e DC (PDC) :

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

Home Server = DC02

* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DC02

Starting test: Connectivity

......................... DC02 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC02

Starting test: Advertising

......................... DC02 passed test Advertising

Starting test: FrsEvent

......................... DC02 passed test FrsEvent

Starting test: DFSREvent

There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
......................... DC02 failed test DFSREvent

Starting test: SysVolCheck

......................... DC02 passed test SysVolCheck

Starting test: KccEvent

......................... DC02 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... DC02 passed test

KnowsOfRoleHolders

Starting test: MachineAccount

......................... DC02 passed test MachineAccount

Starting test: NCSecDesc

......................... DC02 passed test NCSecDesc

Starting test: NetLogons

......................... DC02 passed test NetLogons

Starting test: ObjectsReplicated

......................... DC02 passed test

ObjectsReplicated

Starting test: Replications

......................... DC02 passed test Replications

Starting test: RidManager

......................... DC02 passed test RidManager

Starting test: Services

......................... DC02 passed test Services

Starting test: SystemLog

An error event occurred. EventID: 0x80000003

Time Generated: 05/15/2014 13:16:40