Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » ntlm / kerberos
ntlm / kerberos [message #159406] Wed, 29 July 2009 12:58 Go to next message
tim braun  is currently offline tim braun  Switzerland
Messages: 1
Registered: July 2009
Junior Member
hello,

after upgrading from a w2k3 ad into a pure windows 2008 environment,
we found out, that a certain client software running on xp sp3 is not
able to authenticate with kerberos. it only works with ntlm
authentication. are there any diagnostic-tools, which can provice me
detailed information, why the kerberos-authentication fails ?

thanx alot
tim
Re: ntlm / kerberos [message #159411 is a reply to message #159406] Wed, 29 July 2009 14:10 Go to previous messageGo to next message
Santhosh Sivarajan  is currently offline Santhosh Sivarajan
Messages: 110
Registered: July 2009
Senior Member
Kerbtray.exe?
http://www.microsoft.com/Downloads/details.aspx?FamilyID=9d4 67a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en


Santhosh Sivarajan | MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA
http://blogcastrepository.com/blogs/santhosh/
http://www.sivarajan.com/publications.html



"tim braun" <tim.braun@freesurf.ch> wrote in message
news:c110df9b-2705-45b4-ab95-b2fa56e1b673@18g2000yqa.googlegroups.com...
> hello,
>
> after upgrading from a w2k3 ad into a pure windows 2008 environment,
> we found out, that a certain client software running on xp sp3 is not
> able to authenticate with kerberos. it only works with ntlm
> authentication. are there any diagnostic-tools, which can provice me
> detailed information, why the kerberos-authentication fails ?
>
> thanx alot
> tim
RE: ntlm / kerberos [message #159413 is a reply to message #159406] Wed, 29 July 2009 14:24 Go to previous messageGo to next message
AceFekayMCT  is currently offline AceFekayMCT
Messages: 4
Registered: July 2009
Junior Member
Hi Tim,

Santosh provided some Kerberos tools to look at.

My feeling wtih the app, is that it may not be able to handle SMB signing.
This is indicative of older apps, such as with Macs, Win9x and DOS apps and
operating systems trying to connect to the newer operating systems.

Take look at the following links for more info.

Overview of Server Message Block signing
http://support.microsoft.com/kb/887429

How to upgrade Windows 2000 domain controllers to Windows Server 2003
http://support.microsoft.com/kb/325379

So what is SMB Signing all about? - KWSupportYou can read how to disable SMB
signing at the M&M site here:
http://msmvps.com/blogs/kwsupport/archive/2005/04/02/40653.a spx

Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging


"tim braun" wrote:

> hello,
>
> after upgrading from a w2k3 ad into a pure windows 2008 environment,
> we found out, that a certain client software running on xp sp3 is not
> able to authenticate with kerberos. it only works with ntlm
> authentication. are there any diagnostic-tools, which can provice me
> detailed information, why the kerberos-authentication fails ?
>
> thanx alot
> tim
>
RE: ntlm / kerberos [message #159418 is a reply to message #159406] Wed, 29 July 2009 14:46 Go to previous messageGo to next message
Anderson Lacruz  is currently offline Anderson Lacruz
Messages: 15
Registered: July 2009
Junior Member
Hi Tim

I can give you some point to verify:
1. Check in your Default domain policy if you have enable the Kerberos policy
Verify is the policy is applying in your client
2. You can test the port used by kerberos. Check this link
http://technet.microsoft.com/en-us/library/cc772815(WS.10).aspx
TCP (88) UDP(88) Use portqry command between client and DC
3. You can use the Netdiag /test:kerberos command between the client and the
DC

These commands you can find it in support tools which normally is included
in the Operating System media

Regards
Anderson L
"tim braun" wrote:

> hello,
>
> after upgrading from a w2k3 ad into a pure windows 2008 environment,
> we found out, that a certain client software running on xp sp3 is not
> able to authenticate with kerberos. it only works with ntlm
> authentication. are there any diagnostic-tools, which can provice me
> detailed information, why the kerberos-authentication fails ?
>
> thanx alot
> tim
>
Re: ntlm / kerberos [message #159432 is a reply to message #159406] Wed, 29 July 2009 16:15 Go to previous messageGo to next message
Jorge Silva  is currently offline Jorge Silva
Messages: 398
Registered: July 2009
Senior Member
Hi
Can you be more specific about the problem and app?

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MVP Directory Services
"tim braun" <tim.braun@freesurf.ch> wrote in message
news:c110df9b-2705-45b4-ab95-b2fa56e1b673@18g2000yqa.googlegroups.com...
> hello,
>
> after upgrading from a w2k3 ad into a pure windows 2008 environment,
> we found out, that a certain client software running on xp sp3 is not
> able to authenticate with kerberos. it only works with ntlm
> authentication. are there any diagnostic-tools, which can provice me
> detailed information, why the kerberos-authentication fails ?
>
> thanx alot
> tim
Re: ntlm / kerberos [message #159443 is a reply to message #159406] Wed, 29 July 2009 16:43 Go to previous messageGo to next message
meiweb(nospam)  is currently offline meiweb(nospam)  Germany
Messages: 1307
Registered: July 2009
Senior Member
Hello tim,

What kind of application are you talking about. I agree with SMB problem
as Ace pointed out.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> hello,
>
> after upgrading from a w2k3 ad into a pure windows 2008 environment,
> we found out, that a certain client software running on xp sp3 is not
> able to authenticate with kerberos. it only works with ntlm
> authentication. are there any diagnostic-tools, which can provice me
> detailed information, why the kerberos-authentication fails ?
>
> thanx alot
> tim
Re: ntlm / kerberos [message #159513 is a reply to message #159406] Thu, 30 July 2009 12:41 Go to previous messageGo to next message
John Lan  is currently offline John Lan  Korea, Republic of
Messages: 1
Registered: July 2009
Junior Member
sniffing a network trace can help to profile this issue, e.g. ms netmon 3.2
or wireshark ?

"tim braun" <tim.braun@freesurf.ch> 写入消息
news:c110df9b-2705-45b4-ab95-b2fa56e1b673@18g2000yqa.googlegroups.com...
> hello,
>
> after upgrading from a w2k3 ad into a pure windows 2008 environment,
> we found out, that a certain client software running on xp sp3 is not
> able to authenticate with kerberos. it only works with ntlm
> authentication. are there any diagnostic-tools, which can provice me
> detailed information, why the kerberos-authentication fails ?
>
> thanx alot
> tim
Re: ntlm / kerberos [message #159530 is a reply to message #159513] Thu, 30 July 2009 18:45 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"John Lan" <lanxiaowei@hotmail.com> wrote in message
news:%2306SkVUEKHA.1488@TK2MSFTNGP03.phx.gbl...
> sniffing a network trace can help to profile this issue, e.g. ms netmon
> 3.2 or wireshark ?
>


Yes, either one will. But I'm curious, if you've contacted the software
vendor first to determine if this is the way it works. It's possible that on
one of the 2003 DCs, you've detuned SMB signing to allow NTLM
authentication, as I've explained in my previous post?

Ace
Previous Topic:Re: Event ID 404 Errors
Next Topic:Only boots in to AD recovery
Goto Forum:
  


Current Time: Sat Jan 20 08:30:18 MST 2018

Total time taken to generate the page: 0.03964 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software