Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Kerberos requesting services using wrong user....

Kerberos requesting services using wrong user....

Forum Windows 2000/NT : Windows 2000/NT General Discussion - Kerberos requesting services using wrong user....

Tom's Hardware: Over 1.4 million members in 6 different countries available to answer all your high-tech questions. Sign up now! Its free!
Ask the community Add a reply
Word :    Username :           
 
Anonymous   11-10-2004 at 08:17:04 PM

Archived from groups: microsoft.public.win2000.security (More info?)

 

I logged onto my workstation (XP Pro on Win2k AD domain) earlier this week
using a different username. Now when I log into my PC with MY username, the
DC's security event log is showing that the kerberos service tickets are
being requested by the other user.

The problem is that the other user is simply a domain user, but I am a
Domain Admin. I only have the rights of a normal user now using MMC to
administer the domain. Also, when I do a net use to an $admin drive share on
another pc, I get the login dialog box with the OTHER user already in the
username field - instead of just letting me in like it always did.

How can I re-set the user that my Kerberos client is using to request
tickets and services from my PC?!?!
I have already done the following:

1. Removed the other users profile from my PC - and did a search of the
registry, and the user name is nowhere to be found except in the old
\documents and settings\profile path
2. Disabled the other user in AD - but then I get all kinds of kerberos
failures and errors on my PC and the DC's security log - MMC doesnt work at
all at that point.
3. Tried to run setspn.exe - errors finding object
4. Spent the last 6 hours searching other forums and KB's to no avail
5. Removed and re-joined my PC to the domain.

Shouldnt kerberos ONLY request tickets and services using the currently
logged on user?

Whoever knows the answer to this one is a TRUE MASTER! HELP!!

Thanks,
Mike

Add a reply
Sponsored Links
Register or log in to remove.
Anonymous   11-15-2004 at 08:11:10 PM
- 0 +

Archived from groups: microsoft.public.win2000.security (More info?)

 

Hi Mike-

What happens if you logon as a seperate account with local Administrative
privileges, rename your current problem profile and then logon as your user
account for the domain? Does the issue still occur?

This should prompt creation of a new profile for your account, which is the
initial suspect from your descrption below.

--

Tim Springston
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
"Mike V" <Mike V@discussions.microsoft.com> wrote in message
news:0F991627-936E-4421-A2ED-CF6942035D91@microsoft.com...
>I logged onto my workstation (XP Pro on Win2k AD domain) earlier this week
> using a different username. Now when I log into my PC with MY username,
> the
> DC's security event log is showing that the kerberos service tickets are
> being requested by the other user.
>
> The problem is that the other user is simply a domain user, but I am a
> Domain Admin. I only have the rights of a normal user now using MMC to
> administer the domain. Also, when I do a net use to an $admin drive share
> on
> another pc, I get the login dialog box with the OTHER user already in the
> username field - instead of just letting me in like it always did.
>
> How can I re-set the user that my Kerberos client is using to request
> tickets and services from my PC?!?!
> I have already done the following:
>
> 1. Removed the other users profile from my PC - and did a search of the
> registry, and the user name is nowhere to be found except in the old
> \documents and settings\profile path
> 2. Disabled the other user in AD - but then I get all kinds of kerberos
> failures and errors on my PC and the DC's security log - MMC doesnt work
> at
> all at that point.
> 3. Tried to run setspn.exe - errors finding object
> 4. Spent the last 6 hours searching other forums and KB's to no avail
> 5. Removed and re-joined my PC to the domain.
>
> Shouldnt kerberos ONLY request tickets and services using the currently
> logged on user?
>
> Whoever knows the answer to this one is a TRUE MASTER! HELP!!
>
> Thanks,
> Mike

Reply to Anonymous
Ask the community Add a reply
Tom's Hardware > Forum > Windows 2000/NT > Windows 2000/NT General Discussion > Kerberos requesting services using wrong user....
Go to:

There are 872 identified and unidentified users. To see the list of identified users, Click here.

Forum map
Bestofmedia Forum ©
2000-2009 Bestofmedia Group
Page generated in 1.840 seconds
Please mind

You are about to answer a thread that has been inactive for more than 6 months.
If you still wish to proceed, please ensure that your posting is original and does not duplicate or overlap any prior responses to this thread.

Add a reply Cancel
Sponsored links
  • Ask the community now
  • Publish
Ad
Related Topics
See all relatives topics
They won a badge
Join us in greeting them
How do I win badges?