Kerberos and authentication troubleshooting

This excerpt from "Windows Server 2003 security infrastructures" explores some basic Kerberos and Windows Server 2003 authentication troubleshooting tools.

Windows Server 2003 security infrastructures The following excerpt, courtesy of Elsevier Digital Press, is from Chapter 5 of the book "Windows Server 2003 security infrastructures" written by Jan De Clercq. Click for the complete book excerpt series or purchase the book.

Kerberos and authentication troubleshooting

In the next two sections, we will explore some basic Kerberos and Windows Server 2003 authentication troubleshooting tools. An indispensable tool for every administrator is the Event Viewer. The next section will list some common Kerberos error messages as they appear in the Event Viewer. The following side note explains how to enable advanced Kerberos event logging.

Enabling Advanced Kerberos Event Logging
Advanced Kerberos event logging can be enabled using the following Windows registry hack. Set the Loglevel registry key (REG_DWORD) to value 1. Loglevel is located in the following registry key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaKerberosParameters.

Kerberos error messages

In Windows Server 2003, Microsoft included some Kerberos-specific event IDs. They are listed in Table 5.11. If you want to go even more in detail, Table 5.12 shows the Kerberos-related error messages as they appear in the Windows Event Viewer. Both can give interesting hints when troubleshooting Kerberos authentication problems.

Table 5.11 Kerberos-specific Event IDs.

Table 5.12 Kerberos Error Messages and Meaning.

Troubleshooting tools

Microsoft delivers several tools to troubleshoot Kerberos (see Table 5.13). They are spread across the resource kit, the support tools, and the platform SDK. Most of them are command prompt tools.

Table 5.13 Kerberos Troubleshooting Tools.

Click for the next excerpt in this series: Kerberos interoperability

Click for the book excerpt series or visit Elsevier to obtain the complete book.

Read more on Integration software and middleware