Link to home
Create AccountLog in
Avatar of Vikas Shah
Vikas ShahFlag for India

asked on

Kerberos Error

Hello Experts,

Let me first explain about the environment:

SERVER 1
OS: Windows Server 2008 R2 Standard (SP1) - 64Bit
Roles - Domain Controller, DNS Server
Hostname: MEDC2

SERVER 2
OS: Windows Server 2003 R2 Standard (SP2) - 64Bit
Roles - Additional Domain Controller, DNS Server
Hostname: MEDC

SERVER 3
OS: Windows Server 2008 R2 Standard (SP1) - 64Bit
Roles - Database Server (MS SQL)
Hostname: MESQL1

\==============================================================/

Let me explain the issue:

We have allowed all our user to access the SQL server via RDP. However, since last year or so, we have been experiencing an issue with our SQL server. it suddenly stops working and don't get connected via RDP, and even if gets connected the authentication stops.

Further looking at Event Log, we have observed that We are getting Event ID 3 (Source: Security-Kerberos) every 2-5 minutes on Application Log. Here is the event:

Log Name:      System
Source:        Microsoft-Windows-Security-Kerberos
Date:          6/7/2013 4:12:53 PM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MESQL1.me.com
Description:
A Kerberos Error Message was received:
 on logon session ME.COM\first.last
 Client Time:
 Server Time: 20:12:52.0000 6/7/2013 Z
 Error Code: 0x19 KDC_ERR_PREAUTH_REQUIRED
 Extended Error:
 Client Realm:
 Client Name:
 Server Realm: ME
 Server Name: krbtgt/ME
 Target Name: krbtgt/ME@ME
 Error Text:
 File: e
 Line: 9fe
 Error Data is in record data.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
    <EventID Qualifiers="32768">3</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-06-07T20:12:53.000000000Z" />
    <EventRecordID>94826</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>MESQL1.me.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="LogonSession">ME.COM\first.last</Data>
    <Data Name="ClientTime">
    </Data>
    <Data Name="ServerTime">20:12:52.0000 6/7/2013 Z</Data>
    <Data Name="ErrorCode">0x19</Data>
    <Data Name="ErrorMessage">KDC_ERR_PREAUTH_REQUIRED</Data>
    <Data Name="ExtendedError">
    </Data>
    <Data Name="ClientRealm">
    </Data>
    <Data Name="ClientName">
    </Data>
    <Data Name="ServerRealm">ME</Data>
    <Data Name="ServerName">krbtgt/ME</Data>
    <Data Name="TargetName">krbtgt/ME@ME</Data>
    <Data Name="ErrorText">
    </Data>
    <Data Name="File">e</Data>
    <Data Name="Line">9fe</Data>
    <Binary>30583035A103020113A22E042C302A3005A0030201173021A003020103A11A1B185649414D4552494341532E434F4D56696B61732E536861683009A103020102A20204003009A103020110A20204003009A10302010FA2020400</Binary>
  </EventData>
</Event>

However the highest number of events are being generated with error "KDC_ERR_BADOPTION". Here is the error event:

Log Name:      System
Source:        Microsoft-Windows-Security-Kerberos
Date:          6/8/2013 12:41:13 AM
Event ID:      3
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MESQL1.ME.com
Description:
A Kerberos Error Message was received:
 on logon session
 Client Time:
 Server Time: 4:41:12.0000 6/8/2013 Z
 Error Code: 0xd KDC_ERR_BADOPTION
 Extended Error: 0xc00000bb KLIN(0)
 Client Realm:
 Client Name:
 Server Realm: ME.COM
 Server Name: MESQL1$@ME.COM
 Target Name: MESQL1$@ME.COM@ME.COM
 Error Text:
 File: 9
 Line: f09
 Error Data is in record data.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
    <EventID Qualifiers="32768">3</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-06-08T04:41:13.000000000Z" />
    <EventRecordID>94890</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>MESQL1.ME.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="LogonSession">
    </Data>
    <Data Name="ClientTime">
    </Data>
    <Data Name="ServerTime">4:41:12.0000 6/8/2013 Z</Data>
    <Data Name="ErrorCode">0xd</Data>
    <Data Name="ErrorMessage">KDC_ERR_BADOPTION</Data>
    <Data Name="ExtendedError">0xc00000bb KLIN(0)</Data>
    <Data Name="ClientRealm">
    </Data>
    <Data Name="ClientName">
    </Data>
    <Data Name="ServerRealm">ME.COM</Data>
    <Data Name="ServerName">MESQL1$@ME.COM</Data>
    <Data Name="TargetName">MESQL1$@ME.COM@ME.COM</Data>
    <Data Name="ErrorText">
    </Data>
    <Data Name="File">9</Data>
    <Data Name="Line">f09</Data>
    <Binary>3015A103020103A20E040CBB0000C00000000003000000</Binary>
  </EventData>
</Event>

Apart from this there is another event ID 5719 (Source:NETLOGON) is being generated. Here is the entry:
Log Name:      System
Source:        NETLOGON
Date:          6/7/2013 7:25:37 PM
Event ID:      5719
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MESQL1.ME.com
Description:
This computer was not able to set up a secure session with a domain controller in domain ME due to the following:
The RPC server is unavailable.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="NETLOGON" />
    <EventID Qualifiers="0">5719</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-06-07T23:25:37.000000000Z" />
    <EventRecordID>94853</EventRecordID>
    <Channel>System</Channel>
    <Computer>MESQL1.ME.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>ME</Data>
    <Data>%%1722</Data>
    <Binary>170002C0</Binary>
  </EventData>
</Event>

\==============================================================/

Let me explain the issue:

With event ID 3 for kerberos being generated in every 2-5 minutes, server is still running. However, suddenly (one or twice in a week), server get Event id 5719 and stop authenticating any users. NO RDP, NO Authentication works.

I tried google, and tried most of the steps, but didn't get success.

Awaiting Reply with exact solution.
SOLUTION
Avatar of Sarang Tinguria
Sarang Tinguria
Flag of India image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
ASKER CERTIFIED SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of Vikas Shah

ASKER

Hi,

Issue still exists, and even MS is not able to resolve it.
As of now we are ignoring it, and looking for some resolution.