User kerberos problems over VPN

Discussion in 'Server Security' started by Scott Moseman, Jan 24, 2011.

  1. I'm working in a Windows 2003 domain with an odd authentication
    problem. Randomly, or so it seems, users will get "Access Denied"
    messages when mapping to network resources after connecting over VPN.
    I have not heard of anyone having this problem locally on the LAN. On
    the Active Directory servers, the Security event log is showing a
    Kerberos authentication error.

    Authentication Ticket Request
    Result Code: 0x6 ("Client not found in Kerberos database")

    What could cause a remotely connected user to randomly have this

    Scott Moseman, Jan 24, 2011
    1. Advertisements

  2. Scott Moseman

    Peter Foldes Guest


    Error 6 - Error Code 0x6 Microsoft Windows Error Message 6:
    'ERROR_INVALID_HANDLE' The handle is invalid.

    At a command window, from the \windows\system32 directory, run the following
    command: "hpbpro.exe -RegServer". If the problem persists, run
    "hpbpro.exe -Service".


    To repair this error, download and install each of the software tools listed below.
    These have been specifically designed to help repair this error;

    1.. Download Windows Software Update - updates the drivers that control your
    2.. 6 -
    Error Code 0x6

    1.. Download Error 6 - Error Code 0x6 Fix - helps fix Error 6 - Error Code 0x6 on
    your system.
    2.. 6 -
    Error Code 0x6

    Sometimes Error 6 - Error Code 0x6 can be caused by spyware or virus infections, so
    it's wise to run a removal programthe to remove any spyware infections.

    Please Reply to Newsgroup for the benefit of others
    Requests for assistance by email can not and will not be acknowledged.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Peter Foldes, Jan 25, 2011
    1. Advertisements

  3. This is an Event ID 672 "Failure Audit"; so the 0x6 result code is a
    Kerberos error code.

    Kerberos Error Number: 0x6
    Kerberos Error Code: KDC_ERR_C_PRINCIPAL_UNKNOWN
    Description: Client not found in Kerberos database.

    However, I do not understand why this shows up over a VPN connection,
    but not on the LAN.
    Scott Moseman, Jan 25, 2011
  4. Scott Moseman

    DaveMo Guest

    I can't give you an answer, but I can suggest a few additional
    troubleshooting steps:

    - Is the condition intermittent when it does occur? If the user sees
    this message does it always happen for the duration of their VPN
    - Do certain users see this more freqently then others? If so, is
    there a difference in their accounts or in the way they connect
    through VPN?
    - Is it only certain resources that exhibit the problem, or is it any
    resource that the user tries to access during the session?
    - If you can do additional troubleshooting in one of the user
    sessions that is having the problem, I would suggest doing some tests
    with KLIST and/or kerbtray. Does the user have a TGT? Can a ticket be
    requested for the server that is causing a problem?

    For Kerberos issues, you want to figure out whether the problem is
    user, workstation or resource based. All three parties are involved
    and each can cause the problem. There is an updated version of KLIST
    at that has additonal
    capabilities handy for troubleshooting.

    DaveMo, Feb 20, 2011
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.