Logged-On Users May Not Be Authenticated to Services After KRBTGT Password Change

Article ID: 295083 - View products that this article applies to.
This article was previously published under Q295083
Expand all | Collapse all

SYMPTOMS

After a change in the password for the KRBTGT account (the account that is used for Kerberos authentication), users who are currently logged on may begin to experience unsuccessful authentication to some services.
Back to the top | Give Feedback

CAUSE

This behavior is due to the domain controller's no longer being able to decrypt the ticket-granting-tickets that are issued. This limitation occurs because the password history mechanism used for the KRBTGT service is linked to the account password history.
Back to the top | Give Feedback

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910
(http://support.microsoft.com/kb/260910/EN-US/ )
How to Obtain the Latest Windows 2000 Service Pack
Back to the top | Give Feedback

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows 2000 Service Pack 2.
Back to the top | Give Feedback

MORE INFORMATION

217098
(http://support.microsoft.com/kb/217098/EN-US/ )
Basic Overview of Kerberos Authentication in Windows 2000
Back to the top | Give Feedback

Properties

Article ID: 295083 - Last Review: January 31, 2007 - Revision: 3.2
APPLIES TO
  • Microsoft Windows 2000 Service Pack 1
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Service Pack 1
Keywords: 
kbbug kbfix kbnetwork kbpolicy KB295083
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top