We had many errors on both sides that led to the problem.
It has been fixed. Thanks for the ideas and pointers. They were helpful in
helping us come to a solution.
One thing that sticks out is that only DES encryption is
working between w2k3 and the kerberos realm. Does anyone know if this is a
"feature", or if in face 3DES can work for the
authentication?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Sunday, August 01, 2004 11:44 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Kerberos errorI have never tried to set up a connection to an external kerberos realm but the thing that sticks out to me in that event is the disparity between the client and server time. Your client is showing that it is almost thanksgiving according to that...joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
Sent: Friday, July 30, 2004 4:30 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Kerberos errorI'm trying to get pass-thru authentication to work with an external Kerberos realm. I am getting this error. I think I have things set up right, but I've been known to fudge things. Does anyone know what this might mean?Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 7/30/2004
Time: 3:28:19 PM
User: N/A
Computer: KWAME-TURE
Description:
A Kerberos Error Message was received:
on logon session
Client Time: 15:49:18.0000 11/7/2004 Z
Server Time: 20:28:19.0000 7/30/2004 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm: NSCBETA.UCHICAGO.EDU
Client Name: cflesher
Server Realm: NSCBETA.UCHICAGO.EDU
Server Name: krbtgt/UCHICAGO.LOCAL
Target Name: krbtgt/[EMAIL PROTECTED]
Error Text: UNKNOWN_SERVER
File: 9
Line: ab8
Error Data is in record data.For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.Chris FlesherThe University of ChicagoNSIT/DCS1-773-834-8477
