When you use an account from an external MIT Kerberos realm to log on to a Windows Vista-based workstation, the logon fails

When you use an account from an external Massachusetts Institute of Technology (MIT) Kerberos realm to log on to a Windows Vista-based workstation, the logon fails.

Note You can use the same account to log on to a Windows XP-based workstation.


CAUSE

This issue occurs because of a known issue in older versions of the MIT Kerberos protocol. When a logon request is received from a client computer that contains a newer encryption type, the Key Distribution Center (KDC) responds with an ETYPE-INFO2 field in the Authentication Service Replies (AS-REP). In older versions of the MIT Kerberos protocol, a problem exists that would cause the KDC to respond with an incorrect encryption type. This behavior is documented in Request for Comments (RFCs) 4120, “The Kerberos Network Authentication Service (V5).”

Windows XP-based clients do not experience this issue because Windows XP does not support the new encryption types that trigger this response.


RESOLUTION

To resolve this issue, update all KDCs in the MIT Kerberos realm to version 1.4.3 or a later version.


MORE INFORMATION

For more information about RFC 4120, visit the following RFC Web site:

http://www.rfc-editor.org/ (http://www.rfc-editor.org/)



APPLIES TO
Windows Vista Ultimate
Windows Vista Ultimate 64-bit Edition
Windows Vista Enterprise
Windows Vista Enterprise 64-bit Edition
Windows Vista Business
Windows Vista Business 64-bit Edition
Windows Vista Home Premium
Windows Vista Home Premium 64-bit Edition
Windows Vista Home Basic
Windows Vista Home Basic 64-bit Edition

——————————————–

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks

 


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image