Kerberos and authentication troubleshooting

Jan De Clercq

The following excerpt, courtesy of Elsevier Digital Press, is from Chapter 5 of the book "Windows Server 2003 security infrastructures" written by Jan De Clercq.




In the next two sections, we will explore some basic Kerberos and Windows Server 2003 authentication troubleshooting tools. An indispensable tool for every administrator is the Event Viewer. The next section will list some common Kerberos error messages as they appear in the Event Viewer. The following side note explains how to enable advanced Kerberos event logging.

Enabling Advanced Kerberos Event Logging
Advanced Kerberos event logging can be enabled using the following Windows registry hack. Set the LogLevel registry value (REG_DWORD) to 1. LogLevel is located in the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters.

Kerberos error messages

In Windows Server 2003, Microsoft included some Kerberos-specific event IDs. They are listed in Table 5.11. If you want to go into even more detail, Table 5.12 shows the Kerberos-related error messages as they appear in the Windows Event Viewer. Both can give useful hints when troubleshooting Kerberos authentication problems.

Table 5.11 Kerberos-specific Event IDs.

Table 5.12 Kerberos Error Messages and Meaning.

Troubleshooting tools

Microsoft delivers several tools to troubleshoot Kerberos (see Table 5.13). They are spread across the resource kit, the support tools, and the platform SDK. Most of them are command prompt tools.

Table 5.13 Kerberos Troubleshooting Tools.
