
How to enable Kerberos event logging


This article was previously published under Q262177


Summary
Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008 offer the capability of tracing detailed Kerberos events through the event log mechanism. You can use this information when you troubleshoot Kerberos. This article describes how to enable Kerberos event logging.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


Enabling Kerberos Event Logging on a Specific Computer

  1. Start Registry Editor.
  2. Add the following registry value:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

    Registry Value: LogLevel
    Value Type: REG_DWORD
    Value Data: 0x1

    If the Parameters subkey does not exist, create it.

    Note: Remove this registry value when it is no longer needed so that performance is not degraded on the computer. Also, you can remove this registry value to disable Kerberos event logging on a specific computer.
  3. Quit Registry Editor. The setting will become effective immediately on Windows Server 2008, on Windows Vista, on Windows Server 2003, and on Windows XP. For Windows 2000, you must restart the computer.
You can find any Kerberos-related events in the system log.

More information
Turning on Kerberos event logging is intended only for troubleshooting, when you need additional information from the Kerberos client side during a defined time frame.

In general, you may receive additional errors that the receiving client system handles correctly without user intervention. Such an error therefore does not reflect a severe problem that must be solved, or that can even be solved.

For example, event ID 3 about a Kerberos error that has the error code 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN for Server Name cifs/<IP address> will be logged when a share is accessed by the server's IP address instead of its server name. If this error is logged, the Windows client automatically tries to fall back to NTLM authentication for the user account. If this operation works, the user receives no error.
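
The registry steps and the triage advice above can be combined into one time-boxed trace. This is an added example, not part of the original article: the function name Invoke-KerberosTrace, its parameters and the share path in the usage comment are hypothetical. It assumes an elevated PowerShell 3.0 or later session on Windows Vista / Windows Server 2008 or later (for Get-WinEvent and the Microsoft-Windows-Security-Kerberos provider name), and that the event message contains the error code and server name as quoted in the article.

```powershell
# Added example: time-boxed Kerberos event logging (run elevated).
$KerbParams = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'

function Invoke-KerberosTrace {
    param(
        [Parameter(Mandatory)] [scriptblock] $Reproduce,  # hypothetical: the action under test
        [int] $SettleSeconds = 5                          # wait for late events before disabling
    )
    # Create the Parameters subkey if it does not exist (step 2 of the article).
    if (-not (Test-Path $KerbParams)) { New-Item -Path $KerbParams -Force | Out-Null }
    $start = Get-Date
    try {
        New-ItemProperty -Path $KerbParams -Name LogLevel -PropertyType DWord -Value 1 -Force |
            Out-Null
        & $Reproduce
        Start-Sleep -Seconds $SettleSeconds
    }
    finally {
        # Always remove the value, even on failure, so logging does not stay enabled.
        Remove-ItemProperty -Path $KerbParams -Name LogLevel -ErrorAction SilentlyContinue
    }
    $end = Get-Date

    # Kerberos events are written to the System log; restrict to the trace window.
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Security-Kerberos'
                 StartTime = $start; EndTime = $end }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Event 3 with 0x7 for cifs/<IP address> is the NTLM-fallback case the article describes.
        $ipSpn = $_.Id -eq 3 -and $_.Message -match '0x7\b' -and
                 $_.Message -match 'cifs/\d{1,3}(\.\d{1,3}){3}'
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            Triage  = if ($ipSpn) { 'expected: share accessed by IP address' } else { 'review' }
            Message = ($_.Message -split "`r?`n")[0]   # first line of the event text only
        }
    }
}

# Constructed usage: reproduce a share access, then list what was logged.
# Invoke-KerberosTrace -Reproduce { Get-ChildItem '\\fileserver.example\share' | Out-Null }
```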
Properties

Article ID: 262177 - Last Review: 10/25/2012 16:53:00 - Revision: 1.0

Windows Server 2008 R2 Datacenter without Hyper-V, Windows Server 2008 R2 Enterprise without Hyper-V, Windows Server 2008 R2 for Itanium-Based Systems, Windows Server 2008 R2 Enterprise, Windows Web Server 2008 R2, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Standard without Hyper-V, Windows Server 2008 Datacenter without Hyper-V, Windows Server 2008 Enterprise without Hyper-V, Windows Server 2008 for Itanium-Based Systems, Windows Server 2008 Enterprise, Windows Web Server 2008, Windows Server 2008 Datacenter, Windows Server 2008 Standard, Windows Server 2008 Standard without Hyper-V, Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Web Edition, Windows Vista Business, Windows Vista Enterprise, Windows Vista Ultimate, Windows Vista Home Premium, Windows Vista Home Basic, Microsoft Windows XP Professional, Microsoft Windows XP Home Edition, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Server, Microsoft Windows 2000 Professional Edition

  • kbenv kbhowtomaster KB262177