Kerberos and authentication troubleshooting

This excerpt from "Windows Server 2003 security infrastructures" explores some basic Kerberos and Windows Server 2003 authentication troubleshooting tools.

The following excerpt, courtesy of Elsevier Digital Press, is from Chapter 5 of the book "Windows Server 2003 security...

infrastructures" written by Jan De Clercq. Click for the complete book excerpt series or purchase the book.

Kerberos and authentication troubleshooting

In the next two sections, we will explore some basic Kerberos and Windows Server 2003 authentication troubleshooting tools. An indispensable tool for every administrator is the Event Viewer. The next section will list some common Kerberos error messages as they appear in the Event Viewer. The following side note explains how to enable advanced Kerberos event logging.

Enabling Advanced Kerberos Event Logging
Advanced Kerberos event logging can be enabled using the following Windows registry hack. Set the Loglevel registry key (REG_DWORD) to value 1. Loglevel is located in the following registry key: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaKerberosParameters.

Kerberos error messages

In Windows Server 2003, Microsoft included some Kerberos-specific event IDs. They are listed in Table 5.11. If you want to go even more in detail, Table 5.12 shows the Kerberos-related error messages as they appear in the Windows Event Viewer. Both can give interesting hints when troubleshooting Kerberos authentication problems.

Table 5.11 Kerberos-specific Event IDs.

Table 5.12 Kerberos Error Messages and Meaning.

Troubleshooting tools

Microsoft delivers several tools to troubleshoot Kerberos (see Table 5.13). They are spread across the resource kit, the support tools, and the platform SDK. Most of them are command prompt tools.

Table 5.13 Kerberos Troubleshooting Tools.

Click for the next excerpt in this series: Kerberos interoperability

Click for the book excerpt series or visit Elsevier to obtain the complete book.

Dig Deeper on Microsoft Active Directory Design and Administration



Find more PRO+ content and other member only offers, here.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:









  • VDI assessment guide

    Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI ...

  • Guide to calculating ROI from VDI

    Calculating ROI from VDI requires a solid VDI cost analysis. Consider ROI calculation models, storage costs and more to determine...

  • Keep the cost of VDI storage under control

    Layering, persona management tools and flash arrays help keep virtual desktop users happy and VDI storage costs down.