Windows Server 2000/2003 Thread, Kerberos hanging on startup in Technical; ...
  1. #1
    Jobos

    Kerberos hanging on startup

    I've got a problem with the Kerberos service on a Server 2003 box that I don't know how to fix.

    When the server is restarted it's taking a very long time before the logon box appears and I'm getting errors about the Kerberos service hanging. Here is the timeline from the event log:

    8:34 event log started
    8:38 kerberos key distribution centre hung on startup
    8:53 Application popup warning about service not starting
    8:56 kerberos key distribution centre starts

    There are two servers (server A and server B) and it's server A with the problem. I've run dcdiag on both servers and it reports no problem but netdiag on server A reports “kerberos does not have a ticket for host”.

  2. #2
    Jobos
    Anyone?

  3. #3
    mrmontymick
    Netdiag often returns “kerberos does not have a ticket for host” because the Server 2003 version of netdiag doesn't work properly.

    Have you tried using Klist instead? It's in the Resource Kit. That may provide more useful information.

  4. #4
    Jobos
    I have, but I don't know what I'm looking for!

    Server A has 7 cached tickets and server B has 6 cached tickets.

  5. #5
    mrmontymick
    Does server A have a TGT for itself?

    If you stop and restart the KDC once the server has started does it do it quickly or is it as slow as initial start-up?

  6. #6
    Jobos
    Sorry to sound thick but what does TGT mean?

  7. #7
    mrmontymick
    Sorry, way too geeky a moment there, TGT = Ticket Granting Ticket. The master ticket, if you like, which allows you to authenticate to all other Kerberos services.

    The restart question is probably the more important of the two to have an answer to....

  8. #8
    Jobos
    KDC took 90 seconds to restart. I see from the event log that while KDC was restarting there were a number of crypt32 errors, event ID 8:

    Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist

    All updates are done via WSUS on server B.
    Last edited by Jobos; 23rd February 2010 at 08:08 AM.

  9. #9
    mrmontymick
    I take it the server doesn't have any form of internet access available to it then?

    That looks like it's trying to perform a security certificate update and is unable to do so.
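
The overlap reported in posts #8 and #9 (crypt32 event ID 8 errors logged while the KDC restarts) can be measured over an exported event log. This is an added example, not part of the original thread; the tab-separated export format, the timestamps and the Service Control Manager 7036 state-change lines are constructed assumptions.

```python
from datetime import datetime

SCM, KDC = "Service Control Manager", "Kerberos Key Distribution Center"

# Constructed sample export (time, source, event ID, message); values are invented.
SAMPLE = """\
2010-02-22 16:40:05\tService Control Manager\t7036\tThe Kerberos Key Distribution Center service entered the stopped state.
2010-02-22 16:40:21\tcrypt32\t8\tFailed auto update retrieval of third-party root list sequence number
2010-02-22 16:40:51\tcrypt32\t8\tFailed auto update retrieval of third-party root list sequence number
2010-02-22 16:41:00\tService Control Manager\t7036\tThe Print Spooler service entered the running state.
2010-02-22 16:41:21\tcrypt32\t8\tFailed auto update retrieval of third-party root list sequence number
2010-02-22 16:41:35\tService Control Manager\t7036\tThe Kerberos Key Distribution Center service entered the running state.
2010-02-22 16:50:00\tcrypt32\t8\tFailed auto update retrieval of third-party root list sequence number
"""

def parse(text):
    """Turn exported lines into sorted (time, source, event_id, message) tuples."""
    events = []
    for line in filter(str.strip, text.splitlines()):
        ts, source, event_id, message = line.split("\t", 3)
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        events.append((when, source, int(event_id), message))
    return sorted(events)

def kdc_restart_windows(events):
    """Pair each KDC 'stopped' event (SCM 7036) with the next 'running' event."""
    windows, stopped_at = [], None
    for ts, source, event_id, message in events:
        if source != SCM or event_id != 7036 or KDC not in message:
            continue
        if "stopped state" in message:
            stopped_at = ts
        elif "running state" in message and stopped_at is not None:
            windows.append((stopped_at, ts))
            stopped_at = None
    return windows

def correlate(events):
    """For each restart window, count crypt32 ID 8 errors and where they fall."""
    report = []
    for start, end in kdc_restart_windows(events):
        hits = [ts for ts, source, event_id, _ in events
                if source.lower() == "crypt32" and event_id == 8 and start <= ts <= end]
        report.append({
            "restart_seconds": int((end - start).total_seconds()),
            "crypt32_id8": len(hits),
            "first_after_stop": int((hits[0] - start).total_seconds()) if hits else None,
            "last_before_running": int((end - hits[-1]).total_seconds()) if hits else None,
        })
    return report
```

If the failures span most of each restart window and rarely appear outside it, the delay is consistent with the service waiting on the root list retrieval to time out.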

  10. #10
    Jobos
    The server does have internet access. I'll do the test again and this time test the internet when KDC is down.

  11. #11
    Jobos
    I did a test before I went home tonight and the internet works fine when KDC service is stopped.
