Kerberos machine authentication

J

JCB_MCSE_wannabe

I recently built a small AD-integrated DNS domain network for labbing
purposes using my TechNet Plus Server 2003 Ent. OS. The single server is
also running DNS and DHCP. All of my clients (yeah, all SIX of them - I did
say SMALL!) are running XPsp2. Hosts connect to the network using wireless
cards through a linksys NAT-enabled router/switch. The server is hard wired
to one of the switch ports on the linksys. I am using 128-bit WEP encryption
and further control access using a MAC table of allowed hosts on the
wireless. Three machines are workstations and three are laptop/portables.

I successfully joined the client machines to the domain. They receive
DHCP-assigned IP addresses. However, when I run the Netdiag commmand, I
receive PASSING results for all tested parameters, EXCEPT the Kerberos test
which gives a " [FATAL] Kerberos does not have a ticket for
host/mymachinename.mydomainname".

The strange thing is that immediately after I joined the machines to the
domain and ran Netdiag, a PASSING Kerberos result is obtained. HOWEVER, once
the machines are restarted, the Kerberos test yields a consistent FAILED
status. With Server2003/XP, I thought Kerberos v.5 was the default
authentication protocol. If my machine is not being authenticated, how come
I can still access domain resources? Should my audit logs show a "logon"
event instead of an "account logon" event if my machine is not authenticated
(different from users)?

Does anyone have an explanation? I would prefer guidance on how to
efficiently troubleshoot this problem and not just "here, do this" to solve
the problem. The REAL problem is I don't yet have the troubleshooting skills
to effectively address the apparent Kerberos authentication failures.

Any help would be appreciated.

JCB\1059
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top