Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

When you use an account from an external MIT Kerberos realm to log on to a Windows Vista-based workstation, the logon fails

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 947707 - Last Review: February 9, 2008 - Revision: 1.0

When you use an account from an external MIT Kerberos realm to log on to a Windows Vista-based workstation, the logon fails

View products that this article applies to.

SYMPTOMS

When you use an account from an external Massachusetts Institute of Technology (MIT) Kerberos realm to log on to a Windows Vista-based workstation, the logon fails.

Note You can use the same account to log on to a Windows XP-based workstation.
Back to the top

CAUSE

This issue occurs because of a known issue in older versions of the MIT Kerberos protocol. When a logon request is received from a client computer that contains a newer encryption type, the Key Distribution Center (KDC) responds with an ETYPE-INFO2 field in the Authentication Service Replies (AS-REP). In older versions of the MIT Kerberos protocol, a problem exists that would cause the KDC to respond with an incorrect encryption type. This behavior is documented in Request for Comments (RFCs) 4120, "The Kerberos Network Authentication Service (V5)."

Windows XP-based clients do not experience this issue because Windows XP does not support the new encryption types that trigger this response.
Back to the top

RESOLUTION

To resolve this issue, update all KDCs in the MIT Kerberos realm to version 1.4.3 or a later version.
Back to the top

MORE INFORMATION

For more information about RFC 4120, visit the following RFC Web site:
http://www.rfc-editor.org/ (http://www.rfc-editor.org/)
Back to the top
APPLIES TO
  • Windows Vista Ultimate
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Enterprise
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Home Premium
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Home Basic
  • Windows Vista Home Basic 64-bit Edition
Back to the top
Keywords: 
kbtshoot kbprb kbpubtypekc KB947707
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting