in a windows server 2008 domain how can ensure that clients can authenticate by using kerberos?

Hi Customer, Kerberos authenticate is the default authentication in windows 2008. It coexists with NTLM protocol and is used in instances where both a client and server can negotiate Kerberos. Domain client use Kerberos when all clients could communicate with domain controller, DNS works properly, time service works properly, TCP and UDP 88 port opened from client to DC. You could use command "klist tickets" to view the Kerberos cache. If Client couldn't use Kerberos authenticate, it will add security event log to your system. Troubleshooting Kerberos Problems http://technet.microsoft.com/en-us/library/cc786325(WS.10).aspx Kerberos for the Busy Admin http://blogs.technet.com/b/askds/archive/2008/03/06/kerberos-for-the-busy-admin.aspx Kerberos Client Configuration http://technet.microsoft.com/en-us/library/dd363903(WS.10).aspx Troubleshooting Kerberos Authentication problems – Name resolution issues http://blogs.technet.com/b/askds/archive/2008/05/14/troubleshooting-kerberos-authentication-problems-name-resolution-issues.aspx Regards, Rick Tan