Event ID - 10

Event Id10
SourceMicrosoft-Windows-Security-Kerberos
DescriptionThe kerberos subsystem is having problems fetching tickets from your domain controller using the UDP network protocol. This is typically due to network problems. Please contact your system administrator.
Event Information According to Microsoft :

Cause :

This event is logged when the kerberos subsystem is fetching tickets from your domain controller using the UDP network protocol.

Resolution :

Configure the Kerberos authentication service to use TCP

By default, Kerberos authentication uses the User Datagram Protocol (UDP) to transmit its data. UDP provides no guarantee that a packet will reach its destination intact. Thus, in environments with a high amount of network congestion it is common for packets to get lost or fragmented during transit. You can decrease the likelihood of UDP fragmentation occurring by configuring the Kerberos authentication service to use TCP instead of UDP.

To perform this procedure, you must be a member of the local Administrators group, or you must have been delegated the appropriate authority.

To configure the Kerberos authentication service to use TCP:

Caution : Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
  1. Log on to the Kerberos client.
  2. Click Start .
  3. In the Start Search box, type regedit , and then press ENTER.
  4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue .
  5. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters .
  6. Right-click Parameters , point to New , and then click DWORD (32-bit) Value .
  7. Name the registry entry MaxPacketSize .
  8. Right-click MaxPacketSize , and then click Modify .
  9. Under Base , click Decimal .
  10. 10.Type 1 , and then click OK .
  11. Close Registry Editor.
  12. Restart the computer.
Note : This should be completed on every Kerberos client on your network.

Verify :

To verify that the Kerberos client is correctly configured, you should ensure that a Kerberos ticket was received from the Key Distribution Center (KDC) and cached on the local computer. You can view cached Kerberos tickets on the local computer by using the Klist command-line tool.

Note : Klist.exe is not included with Windows Vista, Windows Server 2003, Windows XP, or Windows 2000. You must download and install the Windows Server Resource Kit before you can use Klist.exe.

To view cached Kerberos tickets by using Klist:
  1. Log on to the Kerberos client computer.
  2. Click Start , point to All Programs , click Accessories , and then click Command Prompt .
  3. Type klist tickets , and then press ENTER.
  4. Verify that a cached Kerberos ticket is available.
    • Ensure that the Client field displays the client on which you are running Klist.
    • Ensure that the Server field displays the domain in which you are connecting.
  5. Close the command prompt.
Reference LinksEvent ID 10 from Microsoft-Windows-Security-Kerberos

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh