Group Policy / Kerberos problem

[ajbritton]

Got a weird problem which only appears (AFAIK) on Viglen PCs with blue mesh panels along the bottom of the base unit. They are ASUS motherboards with SIS900 NICs.

Occasionally (and only on some of the machines), the Group Policy fails. The following even appears in the System log (source Kerberos, event 7)

The kerberos subsystem encountered a PAC verification failure. This indicates that the PAC from the client ICTSUITE-04$ in realm SJB-CURRIC.INT had a PAC which failed to verify or was modified. Contact your system administrator.

I have enabled verbose USERENV debug logging and the only clue in the resulting file are lines which say

USERENV(1a4.488) 15:56:46:156 ProcessGPO: Machine does not have access to the GPO and so will not be applied.

I have searched high and low for a solution to this. There are a number of suggestions which relate to Kerberos problems, but none which really relate to my exact circumstances. There is an entry on Experts Exchange in their Hot Solutions section, but only registered members can view the solution.

It's a vanilla 2K3 domain so the school does not have a software support contract with Viglen.

Any ideas?

[ajbritton]

Fixed by removing the Viglen supplied 2.x.y.z driver. The 1.x.y.z driver supplied with XP SP2 worked fine and no more errors. I did try the 2.x.y.z+1 driver available on SIS website but no better.

Also, although the PC produced multiple W32TIME errors at boot, the Kerberos error only appeared when Sophos was added to the mix (I built 7 PCs with all possible combinations of Sophos, Windows Updates, Polcies and Software to test this).

[john]

My advice, steer clear of SIS chipsetted boards full stop, they are not nice, I have had too many issues with them to carry on trying them out. I use Via or Intel based ones only.