| Event Information | According to Microsoft :
Cause :
This event is logged when a request failed from client realm for a ticket in realm.
Resolution :
Create a transitive realm trust
Kerberos requires transitive trusts between realms so that ticket requests from Kerberos clients are accepted. You must delete the current realm trust and then create a new transitive realm trust by using Active Directory Domains and Trusts.
Note : The realms are identified in the event log message.
To perform these procedures, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority.
Remove the existing realm trust
To remove the existing one-way realm trust by using Active Directory Domains and Trusts: - Log on to a computer that has Active Directory Domains and Trusts installed. It is installed by default on a domain controller.
- Click Start , point to Administrative Tools , and then click Active Directory Domains and Trusts .
- In the console tree, right-click the domain that contains the trust that you want to remove, and then click Properties .
- Click the Trusts tab .
- Click the trust to be removed, and then click Remove .
- Click Yes to remove the trust from both the local domain and the other domain.
- Provide administrative credentials for the reciprocal domain, and then click OK .
Create a new realm trust
To create a new transitive realm trust: - Log on to a computer that has Active Directory Domains and Trusts installed. It is installed by default on a domain controller.
- Click Start , point to Administrative Tools , and then click Active Directory Domains and Trusts .
- In the console tree, right-click the domain that contains the trust that you want to remove, and then click Properties .
- Click the Trusts tab , and then click New Trust .
- On the Welcome to the New Trust Wizard page, click Next .
- In the Name box, type the name of the realm for this trust, and then click Next .
- Ensure that Realm trust is selected, and then click Next .
- Click Transitive , and then click Next .
- Click Two-way , and then click Next .
- In the Trust password and Confirm trust password boxes, type a password that complies with your organization's password complexity requirements. This password will be used when creating this trust relationship in the specified domain.
- Click Next .
- Click Next , and then click Finish .
- Repeat steps 1-12 in the other domain, using the same trust password specified in step 9.
Verify :
To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority.
To verify the trust relationship by using Active Directory Domains and Trusts: - Log on to a computer that has Active Directory Domains and Trusts installed. It is installed by default on a domain controller.
- Click Start , point to Administrative Tools , and then click Active Directory Domains and Trusts .
- In the console tree, right-click the domain that contains the trust that you want to remove, and then click Properties .
- On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the trust to be verified, and then click Properties .
- Click Validate .
- Click Yes, validate the incoming trust , and then click OK .
|