Skip to main content

Everyone else's Kerberos work, except this one user, which now can only authenticate via NTLM and becomes anonymous user.

His old PC name:  XYZ_OLD

He got a new PC last week with name XYZ_NEW  (Kerberos works) last Thursday.

HelpDesk renamed his PC from XYZ_NEW to XYZ_OLD on Friday and now Kerberos no longer works.

I checked IE and Automatic Integrated Logon is specified.    We also used KerbTray.exe to purge the tickets, and nothing stands out in the client and server's Event Log.

Any ideas?

Is the (first) server registered in Local Intranet Zone in Internet Explorer?

Another tip is to delete saved credentials. I don't have a XP/Vista machine in front of me, but in Windows 7 it's called "Manage windows credentials" in Control Panel. Look for "Password" or "User" or something similar in this users Control Panel.

Good luck! 

Just taking a guess here but his machine account password might have gotten messed up.  You could try resetting the machine password.  However, unjoining, cleaning up the machine account in AD and then rejoining back to the domain has given me better results in the past.
Having the user changing his domain password fixed the problem, thanks!
Computer or User account?
User account.

Interestingly, I just helped a customer with a similar issue.


 It was related to the client machine using cached credentials when authenticating to the server.


A reboot of the machine showed that the user account password was locked out.


I also found an interesting tool that allows you to remove cached user credentials.


Run this command to launch it.


rundll32.exe keymgr.dll, KRShowKeyMgr

Reply


View our Community Site Map

Nintex Community Sitemap
Terms & ConditionsCookie settings