madasczik
asked on
Kerberos errors, possible from mapped drives?
I have a win2000 server AD box with DNS pointing to itself that's absolutely error free. I have a Windows 2003 Standard Edition box that has its DNS pointing to the AD box and has several Kerberos errors.
Error 1:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 2:11:4.0000 6/17/2004 Z
Error Code: 0xe KDC_ERR_ETYPE_NOTSUPP
Extended Error:
Client Realm:
Client Name:
Server Realm: MYDOMAIN
Server Name: krbtgt/MYDOMAIN
Target Name: host/WIN2k3BOX.MYDOMAIN.NET@MYDOMAIN.NET This is the box itself that it's pointing to
Error Text:
File: 9
Line: ab8
Error Data is in record data.
Error 2:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 2:11:57.0000 6/17/2004 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm:
Client Name:
Server Realm: MYDOMAIN.NET
Server Name: krbtgt/MYDOMAIN.NET
Target Name: cifs/123.123.123.123@MYDOMAIN.NET This is pointing to the domain controller
Error Text:
File: 9
Line: ab8
Error Data is in record data.
Error 3:
A Kerberos Error Message was received:
on logon session Win2k3 PC Name\Administrator
Client Time:
Server Time: 2:11:57.0000 6/17/2004 Z
Error Code: 0x18 KDC_ERR_PREAUTH_FAILED
Extended Error:
Client Realm:
Client Name:
Server Realm: MYDOMAIN.NET
Server Name: krbtgt/MYDOMAIN.NET
Target Name: krbtgt/MYDOMAIN@MYDOMAIN here there's no .NET extension
Error Text:
File: e
Line: 6b5
Error Data is in record data.
Error 4:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 2:11:57.0000 6/17/2004 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm:
Client Name:
Server Realm: FUSIONAPPS.NET
Server Name: krbtgt/FUSIONAPPS.NET
Target Name: cifs/456.456.456.456@MYDOMAIN.NET This box isn't joined to the domain
Error Text:
File: 9
Line: ab8
Error Data is in record data.
Error 5:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 2:11:57.0000 6/17/2004 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm:
Client Name:
Server Realm: MYDOMAIN.NET
Server Name: krbtgt/MYDOMAIN.NET
Target Name: cifs/WiN2k3 PC@MYDOMAIN.NET This is the same box as the last error but with the PC Name
Error Text:
File: 9
Line: ab8
Error Data is in record data.
There are 3 mapped drives on the win2k3 box, which seem to be the culprit: one is to the AD box, the other 2 are mapped to another Win2k3 box that's not joined to the domain. One's mapped with the IP, the other is using the PC name. Why is this? What can I do to fix this?
Also this post might help..
http://www.derkeiler.com/Newsgroups/microsoft.public.sqlserver.security/2003-06/0025.html
ASKER
Took a look at those links, haven't had a chance to try it out yet, maybe later tonight. I've got one other question though: when I map the drive from one server to another, can or should I use the administrator account of the destination server, or should I create separate user accounts for this purpose? Or should I be using the system accounts? I'm not too clear as to what the difference is, or which is the proper way. Some clarification will help a lot.
ASKER CERTIFIED SOLUTION
http://www.mcse.ms/archive44-2003-11-116523.html
Solution given there is down below...
If you are not seeing any loss of connectivity or
anything like that it is a bug. There is a problem with
netdiag reporting this and it is not accurate. The first
thing to do is to install the resource kit and use klist
or kerbtray to see if you really are getting the ticket
or not.
If you really are not getting the ticket, then stop the
kdc service (key distribution center). Then set it to
manual.
Reboot the machine.
Reset the secure channel.
Reboot again.
Start the kdc and set to automatic. That should force
you to get a good ticket from another machine.
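
A small triage helper for event records in the layout quoted in the question, added here as an example and not part of the original thread: it splits pasted text into records, decodes the hex error code, and labels how each target was addressed (IP literal, short name or FQDN) so the errors can be grouped per mapped drive. The function names and the sample text are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample: three records in the layout quoted in the question,
# reduced to the two fields this helper reads.
SAMPLE = """\
A Kerberos Error Message was received:
Error Code: 0xe KDC_ERR_ETYPE_NOTSUPP
Target Name: host/WIN2k3BOX.MYDOMAIN.NET@MYDOMAIN.NET
A Kerberos Error Message was received:
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Target Name: cifs/123.123.123.123@MYDOMAIN.NET
A Kerberos Error Message was received:
Error Code: 0x18 KDC_ERR_PREAUTH_FAILED
Target Name: krbtgt/MYDOMAIN@MYDOMAIN
"""

HEADER = "A Kerberos Error Message was received:"
FIELD = re.compile(r"^(Error Code|Target Name):\s*(.*)$")
DOTTED_QUAD = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_records(text):
    """Split on the header line and pull code, service, host and realm."""
    records = []
    for chunk in text.split(HEADER)[1:]:   # text before the first header is dropped
        raw = dict(m.groups() for m in map(FIELD.match,
                   (ln.strip() for ln in chunk.splitlines())) if m)
        code, _, name = raw.get("Error Code", "").partition(" ")
        spn, _, realm = raw.get("Target Name", "").partition("@")
        service, _, host = spn.partition("/")
        records.append({"code": int(code, 16) if code else None, "name": name,
                        "service": service, "host": host, "realm": realm})
    return records

def classify_target(rec):
    """Label how the target was written in the ticket request."""
    if rec["service"] == "krbtgt":
        return "tgt-request"
    if not rec["host"]:
        return "unknown"
    if DOTTED_QUAD.match(rec["host"]):
        return "ip-literal"
    return "fqdn" if "." in rec["host"] else "short-name"

def summarize(text):
    """Count records per (error name, target kind) pair."""
    return Counter((r["name"], classify_target(r)) for r in parse_records(text))
```
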