On Thu, 16 Nov 2006 12:08:46 -0500
hboogz <[EMAIL PROTECTED]> wrote:

> I am having continued issues with Kerberos. I tried running tokensz against
> the problem server and I get this error message..
>
> C:\Tools>tokensz /compute_tokensize /package:negotiate /use_delegation /target_server:host/phmaindc1
>
> Name: Negotiate Comment: Microsoft Package Negotiator
> Current PackageInfo->MaxToken: 12128
>
> Asked for delegate, but didn't get it.
> Check if server is trusted for delegation.
>
> QueryKeyInfo:
> Signature algorithm =
> Encrypt algorithm = RSADSI RC4
> KeySize = 128
> Flags = 2001c
> Signature Algorithm = -138
> Encrypt Algorithm = 26625
> QueryContextAttributes (lifespan): Status = 2148074242 0x80090302 SEC_E_NOT_SUPPORTED
>
>
> Any ideas?

Run kerbtray and make sure your TGT is forwardable. Also, run the following:

  C:\>dsquery * (dc=X) -filter "(servicePrincipalName=host/phmaindc1)"

to make sure you only have one account.

Mike

> I keep getting the following event log message on a domain controller which
> prevents users from accessing it and authenticating to it.
>
> Event Type: Error
> Event Source: Kerberos
> Event Category: None
> Event ID: 4
> Date: 11/16/2006
> Time: 12:02:37 PM
> User: N/A
> Computer: PHMAINDC1
> Description:
> The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
> host/phmaindc1.phippsny.org. The target name used was host/phprint1. This
> indicates that the password used to encrypt the kerberos service ticket is
> different than that on the target server. Commonly, this is due to
> identically named machine accounts in the target realm (PHIPPSNY.ORG), and
> the client realm. Please contact your system administrator.

Have you messed with the account at all since logging off and on? Run
kerbtray, purge your tickets and try again.

Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
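
The dsquery check in the reply above looks for more than one account holding the SPN host/phmaindc1. As an added example (not part of the original thread), the same duplicate check can be run offline over an LDIF-style export for every SPN at once; the sample export, its DNs and the example.org domain are constructed, and parse_ldif and duplicate_spns are hypothetical helper names.

```python
from collections import defaultdict

# Constructed sample: LDIF-style export of accounts and their SPNs.
# The DNs, the domain and the duplicate registration are invented for illustration.
SAMPLE_LDIF = """\
dn: CN=PHMAINDC1,OU=Domain Controllers,DC=example,DC=org
servicePrincipalName: HOST/phmaindc1
servicePrincipalName: HOST/phmaindc1.example.org

dn: CN=PHPRINT1,CN=Computers,DC=example,DC=org
servicePrincipalName: HOST/phprint1
servicePrincipalName: host/PHMAINDC1

dn: CN=svc-web,CN=Users,DC=example,DC=org
servicePrincipalName: HTTP/intranet.example
 .org
"""

def parse_ldif(text):
    """Return {dn: [spn, ...]} from LDIF text, unfolding continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # RFC 2849: a leading space continues the previous line
        else:
            lines.append(raw)
    accounts, dn = {}, None
    for line in lines:
        name, _, value = line.partition(":")
        name, value = name.lower(), value.strip()
        if name == "dn":
            dn = value
            accounts[dn] = []
        elif name == "serviceprincipalname" and dn is not None:
            accounts[dn].append(value)
    return accounts

def duplicate_spns(accounts):
    """Map each SPN held by more than one account to the sorted DNs holding it."""
    owners = defaultdict(set)
    for dn, spns in accounts.items():
        for spn in spns:
            # SPNs are compared case-insensitively, so normalise before grouping.
            owners[spn.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in duplicate_spns(parse_ldif(SAMPLE_LDIF)).items():
        print(f"duplicate SPN {spn}: {'; '.join(dns)}")
```

The short name and the fully qualified name are different SPN strings, so host/phmaindc1 and host/phmaindc1.example.org are grouped separately.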
