Solved

Kerberos ticket expiration

Posted on 2004-08-06
5
1,067 Views
Last Modified: 2013-12-19
Hello.

How does one address a Kerberos ticket expiration on Windows 2000 server?  Any suggestions.
This shows up on my auditing from the event logs.
0
Comment
Question by:g000se
  • 3
  • 2
5 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 11737978
Windows 2000 automatically manages the Kerberos ticket cache for connections to all network services. Tickets have an expiration time and occasionally need to be renewed. Ticket expiration and renewal are handled by the Kerberos security provider and associated application services. Most services, such as the file system Redirector, automatically keep session tickets up-to-date. Regular ticket renewal gives added session security by changing the session keys periodically. ---- Secure Networking Using Windows 2000 Distributed Security Services
0
 
LVL 11

Author Comment

by:g000se
ID: 11738728
So how could I fix this or should I leave it the way it is.
0
 
LVL 37

Accepted Solution

by:
bbao earned 175 total points
ID: 11750422
"If a client presents an expired session ticket when requesting a connection to a server, the server returns an error message. The client must request a new session ticket from the KDC. Once a connection is authenticated, however, it no longer matters whether the session ticket remains valid. Session tickets are used only to authenticate new connections with servers. Ongoing operations are not interrupted if the session ticket used to authenticate the connection expires during the connection.

If a client presents an outdated TGT when requesting a session ticket from the KDC, the KDC responds with an error message. The client must request a new TGT, and to do that it needs the user's long-term key. If the client did not cache the user's long-term key during the initial logon process, the client may have to ask the user for a password and derive the long-term key."

Windows 2000 Kerberos Authentication
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/kerberos.mspx
0
 
LVL 11

Author Comment

by:g000se
ID: 11752049
Thanks again for your help.  It makes sense.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11752064
glad to help :)
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question