Running in a stable Windows Server 2003 sub-domain we began experiencing failures with web applications using WMI impersonation (kerberos delegation). What worked 2 weeks ago no longer works today. I've enabled kerberos logging on the web server that serves the web page that proxies for the client's access to the remote system (all are in the same domain). Below is what is logged by the web server when a simple request is made to the web page to create a WMI object on the remote server using impersonation. if anyone can shed any light on where to go next to track down the cause of this failure it will be much appreciated. ThangQ ======================================== 444.448> Kerb-Error: Purging 00127D28, 1 444.448> Kerb-Warn: KerbGetTgsTicket failed to unpack KDC reply: 0x3c 444.448> Kerb-Warn: KerbGetTgsTicket KerbCallKdc: error 0x7 444.448> Kerb-Warn: Failed to get TGS ticket for service 0xc000018b : RPCSS enceladus.devlabrps.dom2.redprairie.com 444.448> Kerb-Warn: d:\nt\ds\security\protocols\kerberos\client2\kerbtick.cxx, line 3899 444.448> Kerb-Warn: TARGET_UNKNOWN for DOM1.REDPRAIRIE.COM\RNielsen LogonId 0:0x157f5294, target RPCSS enceladus.devlabrps.dom2.redprairie.com 444.448> Kerb-Warn: SpInitLsaModeContext failed to get outbound ticket, KerbGetServiceTicket failed with 0xc000018b 444.4844> Kerb-Warn: SPN not found RPCSS enceladus.devlabrps.dom2.redprairie.com 444.4844> Kerb-Warn: SpInitLsaModeContext failed to get outbound ticket, KerbGetServiceTicket failed with 0xc000018b browsing...

Hi, As per this document (http://www.microsoft.com/download/en/details.aspx?id=21820), a VERY usefull document by the way, you seem to experience KDC errors related to your TGT service. TGS need a TGT ticket before granting you a Kerberos token (everything is very well explained in the .DOC). Also, the Kerb-Warn error saying "SPN not found" mean that it didn't find your SPN previously defined. Make sure you still have the SPN by using either SetSPN -L %hostname% or use SPNViewer if your SPN was defined on a user object. Bye