Solved

Kerberos ticket expiration

Posted on 2004-08-06
5
1,066 Views
Last Modified: 2013-12-19
Hello.

How does one address a Kerberos ticket expiration on Windows 2000 server?  Any suggestions.
This shows up on my auditing from the event logs.
0
Comment
Question by:g000se
  • 3
  • 2
5 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 11737978
Windows 2000 automatically manages the Kerberos ticket cache for connections to all network services. Tickets have an expiration time and occasionally need to be renewed. Ticket expiration and renewal are handled by the Kerberos security provider and associated application services. Most services, such as the file system Redirector, automatically keep session tickets up-to-date. Regular ticket renewal gives added session security by changing the session keys periodically. ---- Secure Networking Using Windows 2000 Distributed Security Services
0
 
LVL 11

Author Comment

by:g000se
ID: 11738728
So how could I fix this or should I leave it the way it is.
0
 
LVL 37

Accepted Solution

by:
bbao earned 175 total points
ID: 11750422
"If a client presents an expired session ticket when requesting a connection to a server, the server returns an error message. The client must request a new session ticket from the KDC. Once a connection is authenticated, however, it no longer matters whether the session ticket remains valid. Session tickets are used only to authenticate new connections with servers. Ongoing operations are not interrupted if the session ticket used to authenticate the connection expires during the connection.

If a client presents an outdated TGT when requesting a session ticket from the KDC, the KDC responds with an error message. The client must request a new TGT, and to do that it needs the user's long-term key. If the client did not cache the user's long-term key during the initial logon process, the client may have to ask the user for a password and derive the long-term key."

Windows 2000 Kerberos Authentication
http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/confeat/kerberos.mspx
0
 
LVL 11

Author Comment

by:g000se
ID: 11752049
Thanks again for your help.  It makes sense.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11752064
glad to help :)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Microsoft AD for Secure LDAP 3 59
Windows Security Event ID to check for Service account usage 3 157
Domain Share problems 5 55
RRAS AND DNS 15 46
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
An article on effective troubleshooting
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question