Event Id | 594 |
Source | Kerberos |
Description | A Kerberos Error Message was received: on logon session InitializeSecurityContext |
Event Information | This message from newsgroup may help you: -------------------------------------------------------------------------------- "Page 33 of the MIT Kerberos V5 Systems Administrators Guide identifies the "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN" error code as "Client not found in Kerberos database". However, the EXTENDED ERROR information identifies this error code as "Server not found in Kerberos database". This might be expected if, for example, you have a Windows 2000 Server from another Domain, with no trust relationship or parent/child relationship, which has tried to utilize a transitive trust to authenticate to the Windows 2000 DC where you received this error. It would have tried to forward a TGT from cache, and obviously this ticket was not generated by a Security Principal which the proposed authentication server would recognize. This may also be as simple as a mistyped user name or re-named Workstation/Server within your DC Domain". Check the MIT Kerberos V5 Systems Administrators Guide for information regarding your particular error code. -------------------------------------------------------------------------------- To resolve this problem, follow these steps: 1.Run the following command on the root domain controllers of the parent domain and of the child domain. This command resets the trust relationship between the parent and child domain. Netdom trust trusting_domain_name /Domain:trusted_domain_name /UserD:user /PasswordD:* /UserO:user /PasswordO:* /reset Note : a)The trusting_domain_name placeholder represents the name of the trusting domain. b)The trusted_domain_name placeholder represents the name of the trusted domain. c)The user placeholder in the /UserD:user parameter represents the user account that connects to the trusted domain. d)The user placeholder in the /UserO:user parameter represents the user account that connects to the trusting domain. 2.Let the parent and child domain controllers replicate the changes. 3.Restart the root domain controllers of the parent domain and of the child domain. Restarting these domain controllers removes the Kerberos tickets. |
Reference Links | Error Message "Cannot Find the WINS Server" Occurs When Accessing the WINS Database Kerberos' role in a 'std. setup' without bells & whistles |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.