Kerberos HeLp
in a windows server 2008 domain how can ensure that clients can authenticate by using kerberos?
April 21st, 2011 5:03pm
Hi Customer,
Kerberos authenticate is the default authentication in windows 2008. It coexists with NTLM protocol and is used in instances where both a client and server can negotiate Kerberos.
Domain client use Kerberos when all clients could communicate with domain controller, DNS works properly, time service works properly, TCP and UDP 88 port opened from client to DC.
You could use command "klist tickets" to view the Kerberos cache. If Client couldn't use Kerberos authenticate, it will add security event log to your system.
Troubleshooting Kerberos Problems
http://technet.microsoft.com/en-us/library/cc786325(WS.10).aspx
Kerberos for the Busy Admin
http://blogs.technet.com/b/askds/archive/2008/03/06/kerberos-for-the-busy-admin.aspx
Kerberos Client Configuration
http://technet.microsoft.com/en-us/library/dd363903(WS.10).aspx
Troubleshooting Kerberos Authentication problems – Name resolution issues
http://blogs.technet.com/b/askds/archive/2008/05/14/troubleshooting-kerberos-authentication-problems-name-resolution-issues.aspx
Regards, Rick Tan
Free Windows Admin Tool Kit Click here and download it now
April 25th, 2011 11:08pm