Windows 2003 r2 Kerbero logs on server
Hi,
I'm getting lot of Kerbero errors on one of the servers. I have search for errors online to see what is causing but i couldn't see anything.
0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN = Server not found in Kerberos database.
0x34 - KRB_ERR_RESPONSE_TOO_BIG = Response too big for UDP, retry with TCP.
0xd KDC_ERR_BADOPTION = KDC cannot accommodate requested option.
Windows 2003 R2 32 bites.
1ST Error
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 25/06/2012
Time: 11:42:45
User: N/A
Computer: MY_SERVER
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 10:42:35.0000 6/25/2012 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: DOMAIN.COM
Server Name: host/my_server.domain.com
Target Name: host/my_server.domain.com@DOMAIN.COM
Error Text:
File: 9
Line: b22
Error Data is in record data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 30 15 a1 03 02 01 03 a2 0.....
0008: 0e 04 0c bb 00 00 c0 00 ......
0010: 00 00 00 03 00 00 00 .......
2ND ERROR
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 25/06/2012
Time: 11:39:08
User: N/A
Computer: MY_DOMAIN
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 10:38:47.0000 6/25/2012 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm:
Client Name:
Server Realm: DOMAIN.COM
Server Name: OUR_DC.domain.com
Target Name: OUR_DC.domain.com@DOMAIN.COM
Error Text:
File: 9
Line: b22
Error Data is in record data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
3RD ERROR
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 25/06/2012
Time: 11:39:07
User: N/A
Computer: MY_DOMAIN
Description:
A Kerberos Error Message was received:
on logon session DOMAIN\user_id
Client Time:
Server Time: 10:38:46.0000 6/25/2012 Z
Error Code: 0x34 KRB_ERR_RESPONSE_TOO_BIG
Extended Error:
Client Realm:
Client Name:
Server Realm: DOMAIN
Server Name: krbtgt/DOMAIN
Target Name: krbtgt/DOMAIN@DOMAIN
Error Text:
File: e
Line: 6c0
Error Data is in record data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
June 25th, 2012 7:01am
Hi,
Thanks for posting in Microsoft TechNet forums.
We can check the article below regarding those three Kerberos errors.
Kerberos Authentication Tools and Settings
http://technet.microsoft.com/en-us/library/cc738673(v=ws.10).aspx
In the meantime, here are two threads with similar errors for your reference:
KERBEROS AUTHENTICATION ERRORS ON DOMAIN CONTROLLER Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN AND Error Code: 0xd KDC_ERR_BADOPTION
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/78f1026a-7531-4228-b00a-4a334810b539/
Kerberos Delegation issue! Web server isn't utilizing client's credentials to access remote resource
http://social.msdn.microsoft.com/forums/en-US/netfxbcl/thread/711b1bc0-7a07-4bb6-ac7b-cabcac6d9d90/
Regards
Kevin
Free Windows Admin Tool Kit Click here and download it now
June 26th, 2012 10:56pm
All of our DC are Delegates set to
Trust this computer for delegation to any service (kerberos Only).
On server which is creating these logs I have run KerberosAuthenticationTester.exe I
can see it is getting authorised
June 27th, 2012 3:16am
Please find my MPS Reporting Tool logs
https://skydrive.live.com/redir?resid=B9B74F2B701A14DD!118
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2012 3:58am
Hi,
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Regards
Kevin
June 28th, 2012 12:01am
Hi,
I suggest you can change MaxPacketSize to 1 to force the computer to use Kerberos traffic over TCP instead of UDP. To do this, follow these steps:
Start Registry Editor.Locate and then click the following registry subkey:
<samp>HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ Kerberos\Parameters</samp>
Note If the Parameters key does not exist, create it now.On the Edit menu, point to New, and then click
DWORD Value.Type MaxPacketSize, and then press ENTER.Double-click MaxPacketSize, type 1 in the
Value data box, click to select the Decimal option, and then click OK.Quit Registry Editor.Restart your computer.
For more information please refer to the following article:
How to force Kerberos to use TCP instead of UDP in Windows:
http://support.microsoft.com/kb/244474
Regards,
DennyPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
June 29th, 2012 10:59am
MaxPacketSize already is set to 1
July 2nd, 2012 2:52am
I just check the server 02/07/2012 at 8 we have 50 errors on server.
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 02/07/2012
Time: 07:43:08
User: N/A
Computer: server
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 6:43:8.0000 7/2/2012 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: domain
Server Name: host/
Target Name: host/
Error Text:
File: 9
Line: b22
Error Data is in record data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 30 15 a1 03 02 01 03 a2 0.....
0008: 0e 04 0c bb 00 00 c0 00 ......
0010: 00 00 00 03 00 00 00 .......
Free Windows Admin Tool Kit Click here and download it now
July 2nd, 2012 2:59am
more errors today.
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 03/07/2012
Time: 08:35:45
User: N/A
Computer:
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 7:35:45.0000 7/3/2012 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm:
Server Name: host/
Target Name: host/
Error Text:
File: 9
Line: b22
Error Data is in record data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 30 15 a1 03 02 01 03 a2 0.....
0008: 0e 04 0c bb 00 00 c0 00 ......
0010: 00 00 00 03 00 00 00 .......
July 3rd, 2012 3:40am
Can someone please answer this question.
Free Windows Admin Tool Kit Click here and download it now
July 5th, 2012 5:53am
Hi,
The error "0xd KDC_ERR_BADOPTION" may be resulted from the expiration of <st1:stockticker w:st="on">TGT</st1:stockticker>. if the server is a Terminal server, it is very possible that users did not logoff their session before leaving their office and
cause the expiration of TGT. If it is the case we can safely ignore it and do nothing more, because the <st1:stockticker w:st="on">TGT</st1:stockticker> will be automatically renewed or a new one will be requested if needed. For example, Windows
XP and Windows Server 2003 will recover from this automatically.
We could disable the Excessive Kerberos logging by setting the LogLevel registry key to 0:
<samp>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters</samp>
Registry Value:
<samp>LogLevel</samp>
Value Type:
<samp>REG_DWORD</samp>
We should only enable this registy if you are really encountering Kerberos authentication issues.
Reference:
How to enable Kerberos event logging:
http://support.microsoft.com/kb/262177
Regards,
Denny Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 10th, 2012 6:12am
Is they any way I can confirm this.
Also What about the other errors.
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2012 6:23am
More errors.
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 10:29:23.0000 7/10/2012 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: Domian
Server Name: host/server.Domian.com
Target Name: host/server.Domian.com@Domian.com
Error Text:
File: 9
Line: b22
Error Data is in record data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 9:35:56.0000 7/10/2012 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm:
Client Name:
Server Realm: domain.COM
Server Name: server.domain.COM
Target Name: server.domain.COM@domain.COM
Error Text:
File: 9
Line: b22
Error Data is in record data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
July 10th, 2012 6:35am
I just check in Remote desktop Service manage and I can't see anyone is logged onto this server, but still keep showing these errors.
Free Windows Admin Tool Kit Click here and download it now
July 10th, 2012 6:40am
Hi,
The error "0x34 - KRB_ERR_RESPONSE_TOO_BIG" should have been fixed after we apply the hotfix and set the
MaxPacketSize to 1.
For the error "0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN", it is usually resulted from incorrect SPN(service principle name), if we want to investigate it further, we need to check the events one by one.
You can find a similar issue in the following link:
http://support.microsoft.com/kb/887993
Regards,
Denny ZhouPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 13th, 2012 1:18pm
I have applied MaxPacketSize to 1
check it for last few days i can't see this error anymore but i'm still seeing this error.
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 14/07/2012
Time: 20:22:07
User: N/A
Computer: sr
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 19:22:7.0000 7/14/2012 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: dm.COM
Server Name: host/server.dm.com
Target Name: host/sr.dm.com@dm.COM
Error Text:
File: 9
Line: b22
Error Data is in record data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 30 15 a1 03 02 01 03 a2 0.....
0008: 0e 04 0c bb 00 00 c0 00 ......
0010: 00 00 00 03 00 00 00 .......
Free Windows Admin Tool Kit Click here and download it now
July 14th, 2012 3:31pm
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 23/07/2012
Time: 09:07:10
User: N/A
Computer: server
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 8:7:10.0000 7/23/2012 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm:
Server Name: host/
Target Name: host/
Error Text:
File: 9
Line: b22
Error Data is in record data.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 30 15 a1 03 02 01 03 a2 0.....
0008: 0e 04 0c bb 00 00 c0 00 ......
0010: 00 00 00 03 00 00 00 .......
July 23rd, 2012 4:16am
All of our DC servers are set to these settings.
Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2012 4:29am