none
Kerberos errors on Domain Controllers RRS feed

  • Question

  • We have a new domain controller. At this moment we are getting two Kerberos errors every 5-10 minutes in the system log of the event viewer of this server:

     

    A Kerberos Error Message was received:

             on logon session

     Client Time:

     Server Time: 16:10:39.0000 12/22/2010 Z

     Error Code: 0x7  KDC_ERR_S_PRINCIPAL_UNKNOWN

     Extended Error:

     Client Realm:

     Client Name:

     Server Realm: domain.ltdError Text:

     Server Name: host/server1.domain.ltd

     Target Name: host/server1.domain.ltd@domain.LTD

     

     File: 9

     Line: b22

     Error Data is in record data.

     

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

     

    A Kerberos Error Message was received:

             on logon session

     Client Time:

     Server Time: 15:58:57.0000 12/22/2010 Z

     Error Code: 0xd KDC_ERR_BADOPTION

     Extended Error: 0xc00000bb KLIN(0)

     Client Realm:

     Client Name:

     Server Realm: domain.ltd

     Server Name: host/server1.domain.ltd

     Target Name: host/server1.domain.ltd@domain.LTD

     Error Text:

     File: 9

     Line: b22

     Error Data is in record data.

     

    On server Server1 the registry-key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\LogLevel=1 is present. When we delete this key the error-messages are gone. When we add the same registry-key to another domain controller we get the same two Kerberos errors in the eventlog.

     

    Replication runs fine on the new server. The Server Principal Name (SPN) is correctly registered. On the delegates tab in Active Directory users and computers for this server the option: Trust this computer for delegation to any service (Kerberos Only).

     

    How can we solve this error?

    Thursday, December 30, 2010 2:08 PM

Answers

  • Hello,

    if Kerberos logging is enabled you can ignore this errors. If then no errors are shown it is ok. Otherwise post the complete event viewer errors also.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Thursday, December 30, 2010 2:27 PM

All replies