Question : Kerberos Problems on Win 2003 Member Servers

We have a Windows 2000 AD domain, and have started to upgrade some of the member servers to Windows Server 2003. We currently have 4 member servers running Win Server 2003 standard.

On one of those, I am preparing to install Exchange Server 2003, and one of the prerequisites is to run netdiag to verify everything is working ok on the network. When I ran the netdiag tool, it reported a FATAL Kerberos error:

[FATAL] Kerberos does not have a ticket for "host/memberserver.domain"

I did some looking around, and found all of the Windows 2003 member servers are experiencing the same problem. Our Windows 2000 member servers seem fine. When I look in the security log on the domain controller , there are all kinds of errors being logged as follows:

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 10/20/2003
Time: 12:02:04 PM
User: NT AUTHORITY\SYSTEM
Computer: "DOMAIN CONTROLLER NAME"
Description:
Service Ticket Request Failed:
User Name:
User Domain:
Service Name:
Ticket Options: 0x40830000
Failure Code: 0xE
Client Address: "MEMBER SERVER IP ADDRESS"

I enabled kerberos logging on a couple of the member servers, and they are recording system events that look as follows:

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 10/20/2003
Time: 12:12:55 PM
User: N/A
Computer: "MEMBER SERVER NAME"
Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 16:12:55.0000 10/20/2003 Z
Error Code: 0xe KDC_ERR_ETYPE_NOTSUPP
Extended Error:
Client Realm:
Client Name:
Server Realm: DOMAIN NAME
Server Name: krbtgt/"DOMAIN NAME"
Target Name: host/MEMBER SERVER.DOMAIN@DOMAIN
Error Text:
File: 9
Line: ab8
Error Data is in record data.

0xE is an error code for "kerberos encryption type not supported". I have looked high and low on the net, and found other reports of similar problems, but no solution for the problem. It appears to be some kind of glitch between Windows 2003 member servers, and Windows 2000 Domain controllers. Everything seems to be working OK, but I am hesitant to proceed with the Exchange 2003 setup until this is resolved.

Anyone??

Chris Smout

Answer : Kerberos Problems on Win 2003 Member Servers

PAQed, with points refunded (500)

Computer101
E-E Admin

Random Solutions

.NET 3.5 web application crashes on 3.0 server

Gathering Information on Other Networked Computers

nslookup showing - *** Can't Find server name for address <Our Perfered DNS Address> Non Existent Domain. Help please

WiFi Bit Rate All Over the Map

CCM 4.2(1) migration to CUCM 7.x migration

Formatting weblogic for autodeploy

Opening secure port to receive TCP data

Which files do I need to alter when moving a Application Server 10g to a new host?

free vnc program. easy to deploy

ping does not work unless IP address is used