| Author |
Message |
Enyalius
Guest
|
 Posted:
Thu Nov 10, 2005 9:50 pm Post subject:
Kerberos Error 594 |
|
|
I am running a SBS2k machine, I had noticed that recently there were a lot of
failure audits in the Security section of the event viewer. I wanted to get
to the bottom of them and see why this was happening, I found that a lot of
the failed logs had krbtgt.
I used MS article 262177 to enable Kerberos logging, I found that I would
get errors in event viewer in the System log. Source: Kerberos EventId: 594
I tried to locate information on this error but failed to find anything that
would assist in repairing the problem. I found out that the error I was
getting was:
"0x7 (KRB_ERR_S_PRINCIPAL_UNKNOWN) "Server not found in Kerberos database"
The KDC could not translate the server principal name from the KDC request
into an account in the Active Directory. Generally, verifying whether the
server account exists and has propagated to the domain controller that
generated the error. Checking Active Directory replication may provides an
indication of why the error occurred. Also if the server is not at least
Windows 2000, there will not be any service principal names registered
because that server is not capable of authenticating with Kerberos. In this
case, this error can be ignored because the client will then switch to NTLM
for authentication."
As per MS article 230476
The error I am getting to be exact on the event viewer is:
"A Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 17:47:1.0000 11/10/2005 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: INTERNAL_DOMAIN
Server Name: krbtgt/INTERNAL_DOMAIN
Target Name: DNS/prisoner.iana.org@INTERNAL_DOMAIN
Error Text:
File:
Line:
Error Data is in record data. "
There don't seem to be any helpful pieces of information on the internet
which would seem to relate to this issue, can anyone that has had this
problem or is familar with the solution please post.
Thank you. |
|
| Back to top |
|
 |
Cris Hanna [SBS-MVP]
Guest
|
| Posted:
Fri Nov 11, 2005 1:50 am Post subject:
Re: Kerberos Error 594 |
|
|
Are your workstations time synching with the server??
--
Cris Hanna [SBS-MVP]
-----------------------------------------------
Please do not contact me directly. Please only repond here in the newsgroup
for the benefit of all.
"Enyalius" <Enyalius@discussions.microsoft.com> wrote in message
news:B2D4C59F-5691-456A-828A-AFC05713C959@microsoft.com...
| Quote: | I am running a SBS2k machine, I had noticed that recently there were a lot
of
failure audits in the Security section of the event viewer. I wanted to
get
to the bottom of them and see why this was happening, I found that a lot
of
the failed logs had krbtgt.
I used MS article 262177 to enable Kerberos logging, I found that I would
get errors in event viewer in the System log. Source: Kerberos EventId:
594
I tried to locate information on this error but failed to find anything
that
would assist in repairing the problem. I found out that the error I was
getting was:
"0x7 (KRB_ERR_S_PRINCIPAL_UNKNOWN) "Server not found in Kerberos database"
The KDC could not translate the server principal name from the KDC request
into an account in the Active Directory. Generally, verifying whether the
server account exists and has propagated to the domain controller that
generated the error. Checking Active Directory replication may provides an
indication of why the error occurred. Also if the server is not at least
Windows 2000, there will not be any service principal names registered
because that server is not capable of authenticating with Kerberos. In
this
case, this error can be ignored because the client will then switch to
NTLM
for authentication."
As per MS article 230476
The error I am getting to be exact on the event viewer is:
"A Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 17:47:1.0000 11/10/2005 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: INTERNAL_DOMAIN
Server Name: krbtgt/INTERNAL_DOMAIN
Target Name: DNS/prisoner.iana.org@INTERNAL_DOMAIN
Error Text:
File:
Line:
Error Data is in record data. "
There don't seem to be any helpful pieces of information on the internet
which would seem to relate to this issue, can anyone that has had this
problem or is familar with the solution please post.
Thank you. |
|
|
| Back to top |
|
|
Enyalius
Guest
|
| Posted:
Fri Nov 11, 2005 1:50 am Post subject:
Re: Kerberos Error 594 |
|
|
Yes the workstations do time synch to the SBS2k server.
"Cris Hanna [SBS-MVP]" wrote:
| Quote: | Are your workstations time synching with the server??
--
Cris Hanna [SBS-MVP]
-----------------------------------------------
Please do not contact me directly. Please only repond here in the newsgroup
for the benefit of all.
"Enyalius" <Enyalius@discussions.microsoft.com> wrote in message
news:B2D4C59F-5691-456A-828A-AFC05713C959@microsoft.com...
I am running a SBS2k machine, I had noticed that recently there were a lot
of
failure audits in the Security section of the event viewer. I wanted to
get
to the bottom of them and see why this was happening, I found that a lot
of
the failed logs had krbtgt.
I used MS article 262177 to enable Kerberos logging, I found that I would
get errors in event viewer in the System log. Source: Kerberos EventId:
594
I tried to locate information on this error but failed to find anything
that
would assist in repairing the problem. I found out that the error I was
getting was:
"0x7 (KRB_ERR_S_PRINCIPAL_UNKNOWN) "Server not found in Kerberos database"
The KDC could not translate the server principal name from the KDC request
into an account in the Active Directory. Generally, verifying whether the
server account exists and has propagated to the domain controller that
generated the error. Checking Active Directory replication may provides an
indication of why the error occurred. Also if the server is not at least
Windows 2000, there will not be any service principal names registered
because that server is not capable of authenticating with Kerberos. In
this
case, this error can be ignored because the client will then switch to
NTLM
for authentication."
As per MS article 230476
The error I am getting to be exact on the event viewer is:
"A Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 17:47:1.0000 11/10/2005 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: INTERNAL_DOMAIN
Server Name: krbtgt/INTERNAL_DOMAIN
Target Name: DNS/prisoner.iana.org@INTERNAL_DOMAIN
Error Text:
File:
Line:
Error Data is in record data. "
There don't seem to be any helpful pieces of information on the internet
which would seem to relate to this issue, can anyone that has had this
problem or is familar with the solution please post.
Thank you.
|
|
|
| Back to top |
|
|
Cris Hanna [SBS-MVP]
Guest
|
| Posted:
Fri Nov 11, 2005 5:51 pm Post subject:
Re: Kerberos Error 594 |
|
|
check this out
http://www.eventid.net/display.asp?eventid=594&eventno=2784&source=Kerberos&phase=1
--
Cris Hanna [SBS-MVP]
-----------------------------------------------
Please do not contact me directly. Please only repond here in the newsgroup
for the benefit of all.
"Enyalius" <Enyalius@discussions.microsoft.com> wrote in message
news:DED30469-C8BE-4845-ACBD-7662237C96A4@microsoft.com...
| Quote: | Yes the workstations do time synch to the SBS2k server.
"Cris Hanna [SBS-MVP]" wrote:
Are your workstations time synching with the server??
--
Cris Hanna [SBS-MVP]
-----------------------------------------------
Please do not contact me directly. Please only repond here in the
newsgroup
for the benefit of all.
"Enyalius" <Enyalius@discussions.microsoft.com> wrote in message
news:B2D4C59F-5691-456A-828A-AFC05713C959@microsoft.com...
I am running a SBS2k machine, I had noticed that recently there were a
lot
of
failure audits in the Security section of the event viewer. I wanted
to
get
to the bottom of them and see why this was happening, I found that a
lot
of
the failed logs had krbtgt.
I used MS article 262177 to enable Kerberos logging, I found that I
would
get errors in event viewer in the System log. Source: Kerberos EventId:
594
I tried to locate information on this error but failed to find anything
that
would assist in repairing the problem. I found out that the error I was
getting was:
"0x7 (KRB_ERR_S_PRINCIPAL_UNKNOWN) "Server not found in Kerberos
database"
The KDC could not translate the server principal name from the KDC
request
into an account in the Active Directory. Generally, verifying whether
the
server account exists and has propagated to the domain controller that
generated the error. Checking Active Directory replication may provides
an
indication of why the error occurred. Also if the server is not at
least
Windows 2000, there will not be any service principal names registered
because that server is not capable of authenticating with Kerberos. In
this
case, this error can be ignored because the client will then switch to
NTLM
for authentication."
As per MS article 230476
The error I am getting to be exact on the event viewer is:
"A Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 17:47:1.0000 11/10/2005 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: INTERNAL_DOMAIN
Server Name: krbtgt/INTERNAL_DOMAIN
Target Name: DNS/prisoner.iana.org@INTERNAL_DOMAIN
Error Text:
File:
Line:
Error Data is in record data. "
There don't seem to be any helpful pieces of information on the
internet
which would seem to relate to this issue, can anyone that has had this
problem or is familar with the solution please post.
Thank you.
|
|
|
| Back to top |
|
|
Enyalius
Guest
|
| Posted:
Fri Nov 11, 2005 5:51 pm Post subject:
Re: Kerberos Error 594 |
|
|
I had already checked out this link, but if you closely take a look at the
error it is not quite the same as the one that I am experiencing, the error
in eventid is LDAP and the error I get is a DNS. Not sure why I cant find
any information on this problem anywhere, but I continue looking myself I
just hope you guys can help out as well.
Thank you.
"Cris Hanna [SBS-MVP]" wrote:
| Quote: | check this out
http://www.eventid.net/display.asp?eventid=594&eventno=2784&source=Kerberos&phase=1
--
Cris Hanna [SBS-MVP]
-----------------------------------------------
Please do not contact me directly. Please only repond here in the newsgroup
for the benefit of all.
"Enyalius" <Enyalius@discussions.microsoft.com> wrote in message
news:DED30469-C8BE-4845-ACBD-7662237C96A4@microsoft.com...
Yes the workstations do time synch to the SBS2k server.
"Cris Hanna [SBS-MVP]" wrote:
Are your workstations time synching with the server??
--
Cris Hanna [SBS-MVP]
-----------------------------------------------
Please do not contact me directly. Please only repond here in the
newsgroup
for the benefit of all.
"Enyalius" <Enyalius@discussions.microsoft.com> wrote in message
news:B2D4C59F-5691-456A-828A-AFC05713C959@microsoft.com...
I am running a SBS2k machine, I had noticed that recently there were a
lot
of
failure audits in the Security section of the event viewer. I wanted
to
get
to the bottom of them and see why this was happening, I found that a
lot
of
the failed logs had krbtgt.
I used MS article 262177 to enable Kerberos logging, I found that I
would
get errors in event viewer in the System log. Source: Kerberos EventId:
594
I tried to locate information on this error but failed to find anything
that
would assist in repairing the problem. I found out that the error I was
getting was:
"0x7 (KRB_ERR_S_PRINCIPAL_UNKNOWN) "Server not found in Kerberos
database"
The KDC could not translate the server principal name from the KDC
request
into an account in the Active Directory. Generally, verifying whether
the
server account exists and has propagated to the domain controller that
generated the error. Checking Active Directory replication may provides
an
indication of why the error occurred. Also if the server is not at
least
Windows 2000, there will not be any service principal names registered
because that server is not capable of authenticating with Kerberos. In
this
case, this error can be ignored because the client will then switch to
NTLM
for authentication."
As per MS article 230476
The error I am getting to be exact on the event viewer is:
"A Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 17:47:1.0000 11/10/2005 (null) 0x7
Extended Error: KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: INTERNAL_DOMAIN
Server Name: krbtgt/INTERNAL_DOMAIN
Target Name: DNS/prisoner.iana.org@INTERNAL_DOMAIN
Error Text:
File:
Line:
Error Data is in record data. "
There don't seem to be any helpful pieces of information on the
internet
which would seem to relate to this issue, can anyone that has had this
problem or is familar with the solution please post.
Thank you.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in