User kerberos problems over VPN

I'm working in a Windows 2003 domain with an odd authentication
problem. Randomly, or so it seems, users will get "Access Denied"
messages when mapping to network resources after connecting over VPN.
I have not heard of anyone having this problem locally on the LAN. On
the Active Directory servers, the Security event log is showing a
Kerberos authentication error.

Authentication Ticket Request
Result Code: 0x6 ("Client not found in Kerberos database")

What could cause a remotely connected user to randomly have this
problem?

Thanks!

Scott

Error 6 - Error Code 0x6 Microsoft Windows Error Message 6:
'ERROR_INVALID_HANDLE' The handle is invalid.


At a command window, from the \windows\system32 directory, run the following
command: "hpbpro.exe -RegServer". If the problem persists, run
"hpbpro.exe -Service".

Also

To repair this error, download and install each of the software tools listed below.
These have been specifically designed to help repair this error;

1.. Download Windows Software Update - updates the drivers that control your
computer.
2.. http://wmpub.pcdriversheadqu.revenue...download?Error 6 -
Error Code 0x6

1.. Download Error 6 - Error Code 0x6 Fix - helps fix Error 6 - Error Code 0x6 on
your system.
2.. http://wmpub.reimage.revenuewire.net...download?Error 6 -
Error Code 0x6

Sometimes Error 6 - Error Code 0x6 can be caused by spyware or virus infections, so
it's wise to run a removal programthe to remove any spyware infections.


--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect


"Scott Moseman" <> wrote in message
news:01e38563-09a3-48e7-b12f-...
>
> I'm working in a Windows 2003 domain with an odd authentication
> problem. Randomly, or so it seems, users will get "Access Denied"
> messages when mapping to network resources after connecting over VPN.
> I have not heard of anyone having this problem locally on the LAN. On
> the Active Directory servers, the Security event log is showing a
> Kerberos authentication error.
>
> Authentication Ticket Request
> Result Code: 0x6 ("Client not found in Kerberos database")
>
> What could cause a remotely connected user to randomly have this
> problem?
>
> Thanks!

This is an Event ID 672 "Failure Audit"; so the 0x6 result code is a
Kerberos error code.

Kerberos Error Number: 0x6
Kerberos Error Code: KDC_ERR_C_PRINCIPAL_UNKNOWN
Description: Client not found in Kerberos database.

However, I do not understand why this shows up over a VPN connection,
but not on the LAN.

On Jan 25, 3:06*pm, Scott Moseman <scmose...@gmail.com> wrote:
> This is an Event ID 672 "Failure Audit"; so the 0x6 result code is a
> Kerberos error code.
>
> Kerberos Error Number: 0x6
> Kerberos Error Code: KDC_ERR_C_PRINCIPAL_UNKNOWN
> Description: Client not found in Kerberos database.
>
> However, I do not understand why this shows up over a VPN connection,
> but not on the LAN.

I can't give you an answer, but I can suggest a few additional
troubleshooting steps:

- Is the condition intermittent when it does occur? If the user sees
this message does it always happen for the duration of their VPN
session
- Do certain users see this more freqently then others? If so, is
there a difference in their accounts or in the way they connect
through VPN?
- Is it only certain resources that exhibit the problem, or is it any
resource that the user tries to access during the session?
- If you can do additional troubleshooting in one of the user
sessions that is having the problem, I would suggest doing some tests
with KLIST and/or kerbtray. Does the user have a TGT? Can a ticket be
requested for the server that is causing a problem?

For Kerberos issues, you want to figure out whether the problem is
user, workstation or resource based. All three parties are involved
and each can cause the problem. There is an updated version of KLIST
at http://www.securitay.com/support/freeutils.aspx that has additonal
capabilities handy for troubleshooting.

HTH