[Dshield] Strange authentication problem.

Al Reust areust at comcast.net
Wed Jan 12 01:25:45 GMT 2005


Hello Hamed

What you have described appears to be an "old" problem. As I did a quick 
peek at the conversation see that the logon process is using Kerberos. 
Without digging through Technet, would say that if you go "set time" on 
your member server to that of the DC it will let you back in again. Time 
is/was critical in Kerberos and an offset of 5 minutes breaks Kerberos.

The end result is that the security token that you presented, to connect to 
the DC is incorrect! The Logon is rejected. So when the last patch was 
installed time was skewed...

This also indicates that when you do a Domain Logon, that time is not being 
set properly.  You should look at the time function within your Domain.

Al


At 10:08 AM 1/11/2005 +0400, you wrote:
>Hello Packets Experts,
>
>I have a strange problem on one of my windows 2003 member server, not
>able to communicate with my domain controllers recently after applying a
>patch, if there was any other change b4 applying the patch I am not
>aware.
>
>Server is fully patched and has latest anti-virus updates installed.  It
>is not exposed to internet.
>
>I have done a port capture and found something strange at packet 416
>which says unreassembled packet, could not figure the reason or solution
>of the problem yet.  Tried restarting the server, didn't work.
>
>I am including the port capture done thru ethereal, I have tried
>connecting to IPC$ of my domain controller, it asks for username and
>password which when I enter it rejects the logon credentials, I am
>logged on the server using the domain administrator account and going to
>C$ of any other servers and client machines is possible, but only when
>it is Domain controller it does not work.  DC can c this server's c$, no
>problem. This server is having LANDesk Management Suite 8.1 installed.
>
>My member server address is 172.16.110.12 and DC address is
>172.16.110.14
>
>Any ideas are highly appreciated.
>
>I am including the attachment as a text file.
>
>Regards,
>
>Saeed Hamed Alhajri,





More information about the list mailing list