asked on

Kerberos authentication 'sometimes' not working - XP related problem(?)

When using KERBTRAY.EXE I notice a valid ticket. When connecting to a windows server (CIFS) an additional ticket for that server is added. My conclusion, Kerberos is working Ok for windows based systems.

Next, I open Internet Explorer 6 SP2 and connect to the home page (intranet). Intranet is running on a SAP portal server which uses Kerberos authentication.
It sometimes does NOT create a ticket and pass-through auth. does not work. Webpage is displayed to enter userid and password. I assume this occurs when the system has been idle for several hours.

After closing Internet Explorer, I use CTRL-ALT-DEL to lock and unlock the workstation. Next start Internet Explorer and Intranet is displayed, and as expected, a ticket is added in the KERBTRAY.exe display panel.

I did not found out how to replicate this issue. It seems it occurs when the XP workstation is not shutdown over night.

Why can't Internet Explorer display the Intranet page using pass-throuugh kerberos authentication at all times but requires (i think some kind of reset) using lock / unlock?

Any suggestions to troubleshoot?

digitap

The Kerberos ticket won't stay valid for long periods of time. I have similar problems with computers that stay logged on and the DC restarts over night. They have trouble the next authenticating to network resources, etc.

I can't speak to your IIS server as I don't know how it is configured. Here is a link that goes into pretty good detail about IIS, client and DC relations.

http://adopenstatic.com/cs/blogs/ken/archive/2007/01/16/1054.aspx

Hope it helps.

ASKER CERTIFIED SOLUTION

Ronny Stijns

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

digitap

Sorry, you mentioned portal and Intranet, so I assumed you were. Glad you got it worked out either way!