[Dshield] Strange authentication problem.

Hamed, Saeed Saeed.Hamed at persequor.com
Wed Jan 12 09:58:11 GMT 2005


Hello Sir,

Time is perfectly alright, I can log on to server, the problem you are
pointing out won't even allow the logon.

It is after logon I am not able to access DCs, Domain controllers are
2003.

Waiting for another advice.

Regards,

Saeed Hamed Alhajri,
Brightpoint Middle East.

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Al Reust
Sent: Wednesday, January 12, 2005 5:26 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Strange authentication problem.

Hello Hamed

What you have described appears to be an "old" problem. As I did a quick
peek at the conversation see that the logon process is using Kerberos.
Without digging through Technet, would say that if you go "set time" on
your member server to that of the DC it will let you back in again. Time
is/was critical in Kerberos and an offset of 5 minutes breaks Kerberos.

The end result is that the security token that you presented, to connect
to the DC is incorrect! The Logon is rejected. So when the last patch was
installed time was skewed...

This also indicates that when you do a Domain Logon, that time is not
being set properly. You should look at the time function within your Domain.

Al


At 10:08 AM 1/11/2005 +0400, you wrote:
>Hello Packets Experts,
>
>I have a strange problem on one of my Windows 2003 member servers, not
>able to communicate with my domain controllers recently after applying
>a patch, if there was any other change before applying the patch I am
>not aware.
>
>Server is fully patched and has latest anti-virus updates installed.
>It is not exposed to internet.
>
>I have done a port capture and found something strange at packet 416
>which says unreassembled packet, could not figure the reason or
>solution of the problem yet.  Tried restarting the server, didn't work.
>
>I am including the port capture done through ethereal, I have tried
>connecting to IPC$ of my domain controller, it asks for username and
>password which when I enter it rejects the logon credentials, I am
>logged on the server using the domain administrator account and going
>to C$ of any other servers and client machines is possible, but only
>when it is Domain controller it does not work.  DC can see this
>server's c$, no problem. This server is having LANDesk Management
>Suite 8.1 installed.
>
>My member server address is 172.16.110.12 and DC address is
>172.16.110.14
>
>Any ideas are highly appreciated.
>
>I am including the attachment as a text file.
>
>Regards,
>
>Saeed Hamed Alhajri,
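
The 5-minute Kerberos offset raised in Al Reust's reply can be measured rather than guessed. The sketch below is an added example, not part of the original thread: it parses an SNTP server reply (such as one a domain controller's time service would return) and computes the clock offset against that 300-second limit. All function names are hypothetical and the sample packet is constructed.

```python
import struct

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
KERBEROS_MAX_SKEW = 300       # the 5-minute offset named in the reply above

def _ntp_ts(seconds, fraction):
    """Convert a 64-bit NTP timestamp (32.32 fixed point) to Unix seconds."""
    return seconds - NTP_EPOCH_DELTA + fraction / 2**32

def parse_sntp_reply(packet):
    """Return the server's (receive, transmit) times from a 48-byte SNTP reply."""
    if len(packet) < 48:
        raise ValueError("short SNTP packet")
    mode = packet[0] & 0x07
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!IIII", packet[32:48])
    if tx_s == 0 and tx_f == 0:
        raise ValueError("server clock is not synchronised")
    return _ntp_ts(rx_s, rx_f), _ntp_ts(tx_s, tx_f)

def clock_offset(t1, packet, t4):
    """Server clock minus local clock, in seconds: ((t2 - t1) + (t3 - t4)) / 2.

    t1 = local send time, t4 = local receive time (both Unix seconds).
    """
    t2, t3 = parse_sntp_reply(packet)
    return ((t2 - t1) + (t3 - t4)) / 2

def within_kerberos_skew(offset, max_skew=KERBEROS_MAX_SKEW):
    """True if the measured offset stays inside the Kerberos tolerance."""
    return abs(offset) <= max_skew

def build_reply(server_rx, server_tx):
    """Constructed sample data: a minimal SNTP server reply for offline use."""
    def enc(t):
        whole = int(t)
        return struct.pack("!II", whole + NTP_EPOCH_DELTA, int((t - whole) * 2**32))
    header = bytes([0x24, 1, 0, 0]) + bytes(28)  # LI=0, VN=4, mode=4, stratum 1
    return header + enc(server_rx) + enc(server_tx)

if __name__ == "__main__":
    local = 1105500000.0                              # member server clock
    reply = build_reply(local + 400.0, local + 400.0)  # DC clock 400 s ahead
    off = clock_offset(local, reply, local)
    print("offset %.1f s, within Kerberos skew: %s" % (off, within_kerberos_skew(off)))
```
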

