Introduction to Troubleshooting Kerberos
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
If you are using this guide for the first time, review the following sections of this introduction.
When to Use This Guide
You should use this guide when:
You have an issue related to authentication such as console logon, network logon, access to network resources, or remote access and Kerberos is the default authentication protocol.
The System event log shows errors from any services that provide authentication, such as Kerberos Key Distribution Center (kdc), Local Security Authority Server (LsaSrv), or Net Logon (Netlogon).
Failure audits in the Security event log show that the Kerberos protocol was being used when a logon failure occurred.
Do not use this guide to find out how to perform a task, such as enabling the Kerberos protocol or adding a program or port to the Kerberos exceptions list.
This guide assumes a basic understanding of Windows authentication using the Kerberos protocol, how it works, and why your organization uses it to authenticate users and services. You should also have a thorough understanding of how Kerberos authentication is deployed and managed in your organization. This includes an understanding of the mechanism your organization uses to configure and manage authentication settings generally and Kerberos settings specifically.
How to Use This Guide
This guide is divided into three sections. Each section addresses a type of problem, ranging from less complex to more complex.
This section provides a list of prerequisites and settings that must be verified before you troubleshoot. Read this section first.
This section describes how to configure your computer for troubleshooting. Read this section if you cannot find a solution in the Quick Fixes section.
This section provides step-by-step diagnostic procedures and possible solutions that help you identify and fix Kerberos-related problems.