http://support.microsoft.com/kb/262177 might help
From: Boaz Galil [mailto:[email protected]] Sent: Thursday, February 16, 2012 11:42 AM To: NT System Admin Issues Subject: [OT] How to troubleshoot Kerberos issues on windows server 2003 against windows server 2008? Dear experts, This is kind of out of topic question but I will try my luck as I know that there are some top players here. One of our customers has installed our enterprise solution: 1. Server A: Windows server 2003 with application service 1. 2. Server B: Windows server 2003 with application service 2 (identical to application service 1 / same code). 3. Server C: Windows server 2008 with IIS and application 3 webservice that both server A and B connects. All services are running with the same credentials (same domain user/pass) and running on the same domain . The communication between Server A and Server C is working fine, or in other words server A is working as design. The problem is that server B for some reason is getting authentication failures when trying to "work" with Server C (with the web application running on the IIS). >From what it seems, the Kerberos is failing and there is fallback to NTLM - >and NTLM is failing as well. My main question is how can I investigate why the Kerberos is failing? I checked clocks, event viewer (doesn't see anything interesting), and compared packet capture between the working and the non working server but couldn't get into conclusion of the issue. Bottom line, Is there any log that I can enable to troubleshoot further more Kerberos issues? I have asked the customer to remove Server B from the domain and rejoin it (read some articles that it may resolve the issue as a "Voodoo" trick). Tomorrow morning, I will have access again to the customer site, in case that the issue will not be resolved. I would appreciate any suggestion on what I should check or how to troubleshoot this scenario... Thanks in advance, Boaz. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
