Guy, One way to avoid the problems of a full security log is to set the logs to overwrite as needed. You can set this via group policy.
I don't know if the kerberos ticket is cached or not. (I suspect not.) When a machine reconnects to the network and you attempt to access a network resource, the resource will ask for you ticket. If you don't have one, or if it is out of date, the client will request a new kerberos ticket and then be authenticated to the resource. Denny > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Guy > Teverovsky > Sent: Friday, August 20, 2004 8:48 PM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] By design or configurable ? > > > In my environment, when W2K3 DC boots with security logs full, the > replication from that DC stops till the security log is > cleared and the > box is rebooted. > The interesting thing is that after the security logs become > full (while > the box is online) the replication continues to work till the box is > rebooted with full log. > > So the question is whether this can be prevented (we do have a routine > which takes care of security logs archiving, but it failed on > one of the > DCs and I would like to prevent the replication from breaking again). > > And another OT question: > When logging on to XP with cached credentials, is the Kerberos ticket > cached too ? And if yes, what happens when the ticket expires and the > box is reconnected to the network: will it seamlessly try to renew the > ticked ? > > Thanks, > Guy > > -- > Smith & Wesson - the original point and click interface > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
