Kerberos Tickets expire during laptop sleep / VPN


  • Win7, Kerberos, VPN, TGT & ST Lifetime domain default, smartcard

    Users works on a corporate site during day and shut their laptopcover when they go home (sleep-mode).

    When home, they open their laptop and are presented with the CTRL-ALT-DEL screen. They use their smartcard, and logon with cached credentials. Next, they start the VPN application and create a connection back to the corporate network. However, when the VPN is set-up and they try to use their applications they left open in the taskbar when they went home, for the various applications a logon-box is presented.

    Investigation led us to the fact that the Kerberos Service Tickets have expired and need to be renewed. I've also seen situations (lab) where only the TicketGrantingTicket is left in the authenticationstore, and the ServiceTickets are purged?

    Have any of you run into this situation, and what solution did you apply? Can someone explain what is the default behaviour, regarding kerberos tickets, in such a situation?

    Thanks in advance for any insights

    viernes, 17 de febrero de 2012 11:29

Todas las respuestas