Mylo, have you had any luck with this?
The error you ran across, KDC_ERR_BAD_PVNO is what it says, bad protocol version number. That seems a little odd though.
What else have you done to troubleshoot? Have you verified that the DC's are replicating as they should etc? General health?
On 6/26/06, Mylo <[EMAIL PROTECTED]> wrote:
Hi All,
A muffled cry to ask whether anyone can shed any light on some errors we
are experiencing in a testlab.
The environment is :
- Windows 2003 Native mode domain forest with WinXP SP2 clients
- Single Forest Single Domain setup
We're using smartcard authentication to logon within the lab (testing a
PKI implementation)... on one given DC in the environment using any set
of the test tokens we have we can logon successfully to AD. On the
remainder (3 to be precise) it generates a failed authentication attempt
and logs an Event 675 with Kerberos Error Number 0x3 to the Security log
of the DC in question... according to the MS site this is :
0x3 KDC_ERR_BAD_PVNO Requested protocol version number not supported.
Have checked out the issued certificates on all the DC's and done
various checks using certutil but nothing seems amiss. I'll try a fresh
DC tomorrow but can someone shed any light on what specifically this
(0x3) error means .. it's not one I've come across..
Sorry about the conciseness of the description but it's late in Europe :-)
Thanks for any help.
Regards,
Mylo
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
