Hi, I'm getting lot of Kerbero errors on one of the servers. I have search for errors online to see what is causing but i couldn't see anything. 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN = Server not found in Kerberos database. 0x34 - KRB_ERR_RESPONSE_TOO_BIG = Response too big for UDP, retry with TCP. 0xd KDC_ERR_BADOPTION = KDC cannot accommodate requested option. Windows 2003 R2 32 bites. 1ST Error Event Type: Error Event Source: Kerberos Event Category: None Event ID: 3 Date: 25/06/2012 Time: 11:42:45 User: N/A Computer: MY_SERVER Description: A Kerberos Error Message was received: on logon session Client Time: Server Time: 10:42:35.0000 6/25/2012 Z Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Client Realm: Client Name: Server Realm: DOMAIN.COM Server Name: host/my_server.domain.com Target Name: host/my_server.domain.com@DOMAIN.COM Error Text: File: 9 Line: b22 Error Data is in record data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 30 15 a1 03 02 01 03 a2 0..... 0008: 0e 04 0c bb 00 00 c0 00 ...... 0010: 00 00 00 03 00 00 00 ....... 2ND ERROR Event Type: Error Event Source: Kerberos Event Category: None Event ID: 3 Date: 25/06/2012 Time: 11:39:08 User: N/A Computer: MY_DOMAIN Description: A Kerberos Error Message was received: on logon session Client Time: Server Time: 10:38:47.0000 6/25/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: Client Realm: Client Name: Server Realm: DOMAIN.COM Server Name: OUR_DC.domain.com Target Name: OUR_DC.domain.com@DOMAIN.COM Error Text: File: 9 Line: b22 Error Data is in record data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. 3RD ERROR Event Type: Error Event Source: Kerberos Event Category: None Event ID: 3 Date: 25/06/2012 Time: 11:39:07 User: N/A Computer: MY_DOMAIN Description: A Kerberos Error Message was received: on logon session DOMAIN\user_id Client Time: Server Time: 10:38:46.0000 6/25/2012 Z Error Code: 0x34 KRB_ERR_RESPONSE_TOO_BIG Extended Error: Client Realm: Client Name: Server Realm: DOMAIN Server Name: krbtgt/DOMAIN Target Name: krbtgt/DOMAIN@DOMAIN Error Text: File: e Line: 6c0 Error Data is in record data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Hi, Thanks for posting in Microsoft TechNet forums. We can check the article below regarding those three Kerberos errors. Kerberos Authentication Tools and Settings http://technet.microsoft.com/en-us/library/cc738673(v=ws.10).aspx In the meantime, here are two threads with similar errors for your reference: KERBEROS AUTHENTICATION ERRORS ON DOMAIN CONTROLLER Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN AND Error Code: 0xd KDC_ERR_BADOPTION http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/78f1026a-7531-4228-b00a-4a334810b539/ Kerberos Delegation issue! Web server isn't utilizing client's credentials to access remote resource http://social.msdn.microsoft.com/forums/en-US/netfxbcl/thread/711b1bc0-7a07-4bb6-ac7b-cabcac6d9d90/ Regards Kevin

All of our DC are Delegates set to Trust this computer for delegation to any service (kerberos Only). On server which is creating these logs I have run KerberosAuthenticationTester.exe I can see it is getting authorised

Please find my MPS Reporting Tool logs https://skydrive.live.com/redir?resid=B9B74F2B701A14DD!118

Hi, I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience. Thank you for your understanding and support. Regards Kevin

Hi, I suggest you can change MaxPacketSize to 1 to force the computer to use Kerberos traffic over TCP instead of UDP. To do this, follow these steps: Start Registry Editor.Locate and then click the following registry subkey: <samp>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters</samp> Note If the Parameters key does not exist, create it now.On the Edit menu, point to New, and then click DWORD Value.Type MaxPacketSize, and then press ENTER.Double-click MaxPacketSize, type 1 in the Value data box, click to select the Decimal option, and then click OK.Quit Registry Editor.Restart your computer. For more information please refer to the following article: How to force Kerberos to use TCP instead of UDP in Windows: http://support.microsoft.com/kb/244474 Regards, DennyPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

MaxPacketSize already is set to 1

I just check the server 02/07/2012 at 8 we have 50 errors on server. Event Type: Error Event Source: Kerberos Event Category: None Event ID: 3 Date: 02/07/2012 Time: 07:43:08 User: N/A Computer: server Description: A Kerberos Error Message was received: on logon session Client Time: Server Time: 6:43:8.0000 7/2/2012 Z Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Client Realm: Client Name: Server Realm: domain Server Name: host/ Target Name: host/ Error Text: File: 9 Line: b22 Error Data is in record data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 30 15 a1 03 02 01 03 a2 0..... 0008: 0e 04 0c bb 00 00 c0 00 ...... 0010: 00 00 00 03 00 00 00 .......

more errors today. Event Type: Error Event Source: Kerberos Event Category: None Event ID: 3 Date: 03/07/2012 Time: 08:35:45 User: N/A Computer: Description: A Kerberos Error Message was received: on logon session Client Time: Server Time: 7:35:45.0000 7/3/2012 Z Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Client Realm: Client Name: Server Realm: Server Name: host/ Target Name: host/ Error Text: File: 9 Line: b22 Error Data is in record data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 30 15 a1 03 02 01 03 a2 0..... 0008: 0e 04 0c bb 00 00 c0 00 ...... 0010: 00 00 00 03 00 00 00 .......

Can someone please answer this question.

Hi, The error "0xd KDC_ERR_BADOPTION" may be resulted from the expiration of <st1:stockticker w:st="on">TGT</st1:stockticker>. if the server is a Terminal server, it is very possible that users did not logoff their session before leaving their office and cause the expiration of TGT. If it is the case we can safely ignore it and do nothing more, because the <st1:stockticker w:st="on">TGT</st1:stockticker> will be automatically renewed or a new one will be requested if needed. For example, Windows XP and Windows Server 2003 will recover from this automatically. We could disable the Excessive Kerberos logging by setting the LogLevel registry key to 0: <samp>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters</samp> Registry Value: <samp>LogLevel</samp> Value Type: <samp>REG_DWORD</samp> We should only enable this registy if you are really encountering Kerberos authentication issues. Reference: How to enable Kerberos event logging: http://support.microsoft.com/kb/262177 Regards, Denny Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Is they any way I can confirm this. Also What about the other errors.

More errors. A Kerberos Error Message was received: on logon session Client Time: Server Time: 10:29:23.0000 7/10/2012 Z Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Client Realm: Client Name: Server Realm: Domian Server Name: host/server.Domian.com Target Name: host/server.Domian.com@Domian.com Error Text: File: 9 Line: b22 Error Data is in record data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. A Kerberos Error Message was received: on logon session Client Time: Server Time: 9:35:56.0000 7/10/2012 Z Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN Extended Error: Client Realm: Client Name: Server Realm: domain.COM Server Name: server.domain.COM Target Name: server.domain.COM@domain.COM Error Text: File: 9 Line: b22 Error Data is in record data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I just check in Remote desktop Service manage and I can't see anyone is logged onto this server, but still keep showing these errors.

Hi, The error "0x34 - KRB_ERR_RESPONSE_TOO_BIG" should have been fixed after we apply the hotfix and set the MaxPacketSize to 1. For the error "0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN", it is usually resulted from incorrect SPN(service principle name), if we want to investigate it further, we need to check the events one by one. You can find a similar issue in the following link: http://support.microsoft.com/kb/887993 Regards, Denny ZhouPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

I have applied MaxPacketSize to 1 check it for last few days i can't see this error anymore but i'm still seeing this error. Event Type: Error Event Source: Kerberos Event Category: None Event ID: 3 Date: 14/07/2012 Time: 20:22:07 User: N/A Computer: sr Description: A Kerberos Error Message was received: on logon session Client Time: Server Time: 19:22:7.0000 7/14/2012 Z Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Client Realm: Client Name: Server Realm: dm.COM Server Name: host/server.dm.com Target Name: host/sr.dm.com@dm.COM Error Text: File: 9 Line: b22 Error Data is in record data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 30 15 a1 03 02 01 03 a2 0..... 0008: 0e 04 0c bb 00 00 c0 00 ...... 0010: 00 00 00 03 00 00 00 .......

Event Type: Error Event Source: Kerberos Event Category: None Event ID: 3 Date: 23/07/2012 Time: 09:07:10 User: N/A Computer: server Description: A Kerberos Error Message was received: on logon session Client Time: Server Time: 8:7:10.0000 7/23/2012 Z Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Client Realm: Client Name: Server Realm: Server Name: host/ Target Name: host/ Error Text: File: 9 Line: b22 Error Data is in record data. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 30 15 a1 03 02 01 03 a2 0..... 0008: 0e 04 0c bb 00 00 c0 00 ...... 0010: 00 00 00 03 00 00 00 .......

All of our DC servers are set to these settings.