You receive a "Kerberos does not have a ticket" error message when you run Netdiag.exe on a Windows Server 2003-based member server in a Windows 2000-based domain

Article translations Article translations
Article ID: 870692 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

When you perform a Kerberos test by running the Netdiag.exe command-line tool on a Microsoft Windows Server 2003-based member server in a Windows 2000-based domain, you receive the following error message:
Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for host/domain_name.
Note In this error message, domain_name is the fully qualified domain name (FQDN) of your computer.

CAUSE

This problem occurs because Netdiag.exe searches only for the host/domain_name kind of Kerberos ticket. Netdiag.exe does not search for the computer_name$ kind of Kerberos ticket.

STATUS

Microsoft has confirmed that this is a problem in Netdiag.exe.

MORE INFORMATION

The Kerberos protocol lets you send private information across an otherwise open network. Kerberos tickets are unique keys that are assigned to users and computers when they log on to a network. A Kerberos ticket includes all the user credentials or computer credentials in an encrypted format. These credentials are used to identify a specific user or a specific computer on a network for access to Kerberos services. The following list describes the two types of Kerberos tickets:
  • Ticket-granting ticket
    When you log on to a server, the central Key Distribution Center (KDC) generates a Ticket-Granting Ticket (TGT). You use the TGT as a master ticket to access all Kerberos services on a network.
  • Service ticket
    When you try to access a service that requires Kerberos for authentication, the service uses the ticket that you received from the KDC to authenticate you. After the service verifies your identity and authenticates you, the service issues a service ticket.
To verify whether your member server computer has Kerberos tickets, you can use the Klist.exe command-line tool or the Kerbtray.exe command-line tool. These tools are included in Windows Server 2003 Resource Kit Tools.

For additional information about Kerberos, visit the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/aa378747.aspx
For additional information about how to use Netdiag.exe tool, click the following article number to view the article in the Microsoft Knowledge Base:
321708 How to use the Network Diagnostics Tool (Netdiag.exe) in Windows 2000

Properties

Article ID: 870692 - Last Review: February 6, 2007 - Revision: 2.3
APPLIES TO
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Keywords: 
kbprb KB870692

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com