Article ID: 2627903 - View products that this article applies to.
You are running applications on Windows 7 or Windows Server 2008 R2. The application or its runtime environment requires access to the Kerberos TGT Session Key to submit its own Kerberos Ticket requests.
Microsoft has introduced an option to enable this, documented in this KB article using the registry entry allowtgtsessionkey: http://support.microsoft.com/kb/308339
When you are running the affected applications as a local administrator with User Access Control (UAC) enabled, you notice that the application is not able to make Kerberos-authenticated connections.
In the affected operating systems, giving out the session keys to processes running with a restricted token is not allowed anymore. This is seen as a potential to elevate the process to a unrestricted token.
There are the following approaches:
(http://go.microsoft.com/fwlink/?LinkId=151500)for other considerations.
Article ID: 2627903 - Last Review: April 19, 2013 - Revision: 5.0
Contact us for more help