Kerberos ticket expiration

Posted on 2004-08-06
Medium Priority
Last Modified: 2013-12-19

How does one address a Kerberos ticket expiration on Windows 2000 server?  Any suggestions.
This shows up on my auditing from the event logs.
Question by:g000se
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 37

Expert Comment

ID: 11737978
Windows 2000 automatically manages the Kerberos ticket cache for connections to all network services. Tickets have an expiration time and occasionally need to be renewed. Ticket expiration and renewal are handled by the Kerberos security provider and associated application services. Most services, such as the file system Redirector, automatically keep session tickets up-to-date. Regular ticket renewal gives added session security by changing the session keys periodically. ---- Secure Networking Using Windows 2000 Distributed Security Services
LVL 11

Author Comment

ID: 11738728
So how could I fix this or should I leave it the way it is.
LVL 37

Accepted Solution

bbao earned 700 total points
ID: 11750422
"If a client presents an expired session ticket when requesting a connection to a server, the server returns an error message. The client must request a new session ticket from the KDC. Once a connection is authenticated, however, it no longer matters whether the session ticket remains valid. Session tickets are used only to authenticate new connections with servers. Ongoing operations are not interrupted if the session ticket used to authenticate the connection expires during the connection.

If a client presents an outdated TGT when requesting a session ticket from the KDC, the KDC responds with an error message. The client must request a new TGT, and to do that it needs the user's long-term key. If the client did not cache the user's long-term key during the initial logon process, the client may have to ask the user for a password and derive the long-term key."

Windows 2000 Kerberos Authentication
LVL 11

Author Comment

ID: 11752049
Thanks again for your help.  It makes sense.
LVL 37

Expert Comment

ID: 11752064
glad to help :)

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question