Kerberos problem

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - hey its beth hey roisin its beth, wtasup. I'll send you that thing as soon as possible!kk? em i dont excatly know what my email address is but it should come up with this message kk? c ya! beth xxxxxx Tag: Kerberos problem Tag: 97416
  - 2
    - MSDN Download Error - The Server SSL certificate is issued by a ce Hi, When I start downloading from MSDN using the File Transfer Manager - I can see the download becoming active but then I get an error : " The Server SSL certificate is issued by a certificate that is unfamiliar to the Client " . For this I found a work around to , simply in the file transfer manager - options connection tab "uncheck the file transfer mode of https" . This worked , but as I did not need to do this earlier and all was well - I am concerned if unchecking HTTPS will cause some kind of 'side effect ' at another time ? Please help ! Sam - MSDN User Tag: Kerberos problem Tag: 97407
  - 3
    - Reading SNMP Traps in VB.Net Hi need some help on reading the SNMP Traps in vb.Net and Need some help on how converting the PDUS Tag: Kerberos problem Tag: 97399
  - 4
    - malware bell HELP ME I some how dot this dam thing on my computer and can't get it off.(malware bell). This thing is horrable. Please help. Tom Tag: Kerberos problem Tag: 97394
  - 5
    - Port 137/138 accesses within home network A few newly installed applications required a modification of firewall rules, which prompted me to clean up the convolution of rules that I've amassed over the years. Afterward, I started to get regular outbound UDP connections from "SYSTEM" to 192.168.1.255, ports 137-138. Much web searching ensued. It could be bad (http:// www.linklogger.com/UDP137.htm) or just IP/name resolutions (http:// www.iss.net/security_center/advice/Exploits/Ports/137/default.htm and others). This is a very simple home network, consisting of a DSL modem/router, and zero to two laptops connected via LAN cable to WiFi (either Windows 2000 or WindowsXP). One page visited was http://support.microsoft.com/default.aspx?scid=kb;en-us;832017. It looks like it was meant for non-home IT folk, possibly with a degree in the area. For the schmoe home user, what is the advisability of allowing such accesses to addresses within the home network? A bit of rummaging turns up RFC 1918, which says what such address ranges are. In my case, it seems to be the 16-bit block at 192.168.xxx.yyy. Laptops on this "network" are likely to be installed with standard security applications (firewall, AV, Spybot Search&Destroy). Aside for the advisability of the access rule, why would such accesses be attempted to 192.168.1.255? There is nothing there. Tag: Kerberos problem Tag: 97391
  - 6
    - Why firewall messages are sometimes so vague After much web searching, it seems that anyone who has used older firewalls (e.g Kerio, Sygate) will have been annoyed by messages like "Generic Host Process for Win32 Services from your computer wants to connect to some.changing.ip.address", or some outgoing ping (icmp). The remote destination ip address often resolves to Microsoft or some large content provider. The application that is doing this is always nondescriptly described as svchost or tcpip kernel driver. Possible causes are Windows update checker, Symantec, or possibly McAfee. I know that Kerio will specify the full path of the executable trying to connect out in some cases, so I'm not sure this information is so elusive for these messages. Avast and Diskeeper connections to outside are certainly reported more specifically than the above. From the aforementioned web searching, such details are not elusive to Kerio users. This makes it impossible to maintain a decent set of firewall rules. I've already disabled automatic windows updates, got rid of symantec, and such messages continue to occur, though less often. How do the more experienced maintainers of home firewalls deal with this lack of detail in tightening up their firewall rules? I have, and use, Spybot S&D. I'm hoping that there is a general appraoch that doesn't entail that a user spend much less than 50% of his or her computer time dealing with the security aspects. Currently, the figure is well in excess of 50%, which really raises the question of whether it is reasonable to convert to Luddite-ism. Thanks! Tag: Kerberos problem Tag: 97390
  - 7
    - Seeking firewall rules for Diskeeper 2008 Home edition I'm trialing the above named defragmenter, which requires that firewall access be provided (http://www.diskeeper.com/diskeeper/home/ techspecs.asp) (which in itself seems a bit odd, but be that as it may). I haven't been able to find online the details for firewall rules. For Kerio Personal Firewall (and I suspect most firewalls will be similar), these details are: * Protocol: TCP, UDP, ICMP, or other * Local port type: Any port, single port, port range, or a list of ports * Application (full path of executable) * Remote address type: Single address, network/mask, network/range, or custom address group * Remort port type (same choices as local port type above) Of course, the rule(s) can be made as unrestrictive as possible, which renders the firewall useless. Thanks for any info for constructing the rule to be as restrictive as possible without interfering with the operation of Diskeeper Home Edition. The machine is a standalone, is not part of a home network, and does not network-related policies of any sort from elsewhere. Tag: Kerberos problem Tag: 97389
  - 8
    - Harley Davidson Bulova Womens, Pink mother-of-pearl dial and diamond Harley Davidson Bulova Womens, Pink mother-of-pearl dial and diamond bezel, 76R02 - Replica Watch Fake Harley Davidson Bulova Womens, Pink mother-of-pearl dial and diamond bezel, 76R02 Link : http://www.watchesprice.net/Replica-Bulova-2365.html Replica Watches Home : http://www.watchesprice.net/ Replica Bulova Brands : http://www.watchesprice.net/Bulova-Replica.html Replica Harley Davidson Bulova Womens, Pink mother-of-pearl dial and diamond bezel, 76R02 --- one of best selling replica watches, it is crafted in high quality, please click image 'buy now' to buy this chic but inexpensive replica to save you a lot of money . Harley Davidson Bulova Womens, Pink mother-of-pearl dial and diamond bezel, 76R02 Description: LADIES' HARLEY-DAVIDSON® BRACELET WATCH. MOTHER-OF-PEARL DIAL AND DIAMOND BEZEL. BOLD HARLEY, AND FEMININE. Beautiful mother-of-pearl dial with raised stainless-steel Harley-Davidson Bar & Shield and luminous hands, including a sweep second. A contrasting brushed flat bezel sets off the dial with a set of 12 diamonds marking the hours, in addition to the hour markers on the dial. Each diamond measure about 1mm. The all-stainless brushed and polished bracelet features a hidden bi-folding lock design that is seamless to the eye when snapped closed for wearing. Elegant, tasteful, and feminine, coming in at 30mm, fitting a wrist of up to 7.5 inches. Dressy enough for a night out, yet casual enough for daily wear. Brand new from Harley-Davidson. Shipped in factory box, and with 2 year factory warranty. Harley Davidson Bulova Womens, Pink mother-of-pearl dial and diamond bezel, 76R02 Details: Watches-Price Sales Rank: #4855 in Watches Brand: Bulova Model: 76R02 Band material: stainless-steel Bezel material: stainless-steel Case material: stainless-steel Clasp type: single-lock-fold-over-clasp Dial color: mother of pearl Dial window material: antireflective-sapphire Movement type: analog-quartz Water-resistant to 50 meters Features Mother-of-Pearl Dial--with reds, greens, oranges, all so soft 12 Diamond Bezel, marking the hours. Luminous Hands Fashionable: Dressy or Casual, all stainless-steel, high quality Harley Bulova Water resistant Thank you for choosing www.watchesprice.net as your reliable dealer of quality waches including Harley Davidson Bulova Womens, Pink mother-of- pearl dial and diamond bezel, 76R02 . we guarantee every watch you receive will be exact watch you ordered. Each watch sold enjoy one year Warranty for free repair. Every order from aaa-replica-watches is shipped via EMS, the customer is responsible for the shipping fee on the first order, but since the second watch you buy from our site, the shipping cost is free. Please note that If the total amount of payment is over $600(USD), the customer is required to contact our customer service before sending the money in case failed payment. If you have any other questions please check our other pages or feel free to email us by service@watchesprice.net. Cheapest Harley Davidson Bulova Womens, Pink mother-of-pearl dial and diamond bezel, 76R02 The Same Bulova Series : Jewelry Watch -Ladies' Stainless Steel, Bulova Watch w/ Diamonds : http://www.watchesprice.net/Replica-Bulova-2366.html Ladies Bulova Diamond Dress Watch 97S50CD : http://www.watchesprice.net/Replica-Bulova-2367.html LADIES' BULOVA 14K GOLD 95U07 : http://www.watchesprice.net/Replica-Bulova-2368.html LADIES' BULOVA 14K GOLD 95U16 : http://www.watchesprice.net/Replica-Bulova-2369.html Men's Diamond Bulova Stainless Steel 96E02 Watch : http://www.watchesprice.net/Replica-Bulova-2370.html New Accutron Wrist Watches By Bulova - Accutron Courchevel - White Mother Of Pearl Dail Ladies Watch 28R017WRT : http://www.watchesprice.net/Replica-Bulova-2371.html New Accutron Wrist Watches By Bulova - Accutron Killington - Blue Dail Ladies Watch 26M15WRT : http://www.watchesprice.net/Replica-Bulova-2372.html oos : http://www.watchesprice.net/Replica-Bulova-2373.html Wittnauer Marquee Collection Ladies Watch With Diamond Accent 10P01 : http://www.watchesprice.net/Replica-Bulova-2374.html Wittnauer Watches - 10R04 Wittnauer Ovation Ladies Watch : http://www.watchesprice.net/Replica-Bulova-2375.html Women's Bulova Diamond 98R98 Watch : http://www.watchesprice.net/Replica-Bulova-2376.html Women's Diamond 14K Gold Bulova Bracelet Watch : http://www.watchesprice.net/Replica-Bulova-2377.html Tag: Kerberos problem Tag: 97388
  - 9
    - kavo.exe & tavo.exe , help Hello I'm using win2000sp4 and it's infected with "psw.onlinegames.nmy torjan". I have scan my pc with NOD32 and it detected kavo.exe, tavo.exe. havo.exe..... it also show "pacex.gen.virus" and "rootkit.vanti.nbm torgan" which were all auto. deleted. Every week when I run the scan, I can alway delete kavo or havo.. I was just wondering is there any special tools specificly design to delete this kavo virus? Thank you! Vivianne Tag: Kerberos problem Tag: 97386
  - 10
    - Secure Auditor also checks viruses! Audit your network for security vulnerabilities like patches, trojans, viruses, access control issues, denial of service attack etc with the help of Secure Auditor. It conduct audit against computer and system auditing policies defined by international organizations like SANS, ISACA and CIS to facilitate effective Windows, Oracle and MSSQL server auditing. It identifies Oracle, MSSQL, Windows and Cisco Vulnerabilities with facility for automated audit scheduling and automated online updates.Just get your copy and check it out. http://www.download.com/Secure-Auditor/3000-265310826743.html?part=dl-SecureAud&subj=uo&tag=button Tag: Kerberos problem Tag: 97385
  - 11
    - Network security general discussion I am in the process of deciding how to allow remote user access to our network. I think I want to set up a VPN with both router-to-router IPSEC tunnels for remote offices and a few PPTP tunnels for users from home. I don't want to go crazy with security (not sure that's avoidable !). My basic question is: It seems all the tunnels/encryption/??? in the world aren't going to do any good if I don't have really strong passwords everywhere. In other words, if some can crack into one or my router's setup, they could create their own tunnel, etc. Am I missing something or is it basically true that anyone's network security is only as good as their weakest password ? Tag: Kerberos problem Tag: 97381
  - 12
    - Somethings got ahold of my Computer I am running XP with service pack 2. I am conected to the internet via Yahoo by ATT, which offers Norton Security, Anitspyware, AntiVirus, Personal firewall (I use Microsoft fire wall) Parental Controls (do not use) and AT&T Mail Protection. While using this I have encountered trouble with website pop ups...and security warnings (not from Microsoft although made to look like they come from Micrsoft) These warning will tell me I have security risks and pop up to a site that sells virus control and antispy. It will tell me "Internet attack detected" Pop up warnings that say "Privacy Conductor may find dangerous traces that need to be cleaned." This has also taken over my background with " Warning: Spyware threat has been detected on your PC. Also "Task manager has been disabled by administrator" I have not done this and followed the instructionas to enable it only to find it disabled again. I have downloaded Windows Defender and it has taken at least 6 Trojan:Win32/Conhook.D infestations off my computer in the last 2 days but the problem continues. I don't know what else to do. My CDrom has failed as has other media ports. -- leon Tag: Kerberos problem Tag: 97376
  - 13
    - Subject Alternate Name Certificate Native Suport Does Windows Server 2003 R2 Natively support the SAN Certificate Extensions or do you still need to add the command line enabling those like you do in Windows Server 2003 CAs? Thank you in advance! -- - Mike Tag: Kerberos problem Tag: 97374
  - 14
    - IE 6 won't accept signed ActiveX control My company ships a signed ActiveX control. On some machines running Windows 2k3 and IE 6, when the ActiveX control is downloaded, an error dialog appears titled "Security Alert - Driver Installation", with the message "The driver software you are installing has not been properly signed...". This seems odd because the .CAB file does not contain drivers, so it would seem that IE is somehow using the wrong signature verification method. I have verified via "signtool verify /pa /v" that the .CAB file is correctly signed with a valid certificate. So why doesn't IE agree? Any thoughts or pointers appreciated. Tag: Kerberos problem Tag: 97369
  - 15
    - Some Files dont show the security tab Hi. I have a windows 2003 Server. One folder in the hard disk, contain 3 files. I don't have problems when i try to show the permissions in the folder. But when i try to show the files properties, the system dont show the security tab. I think these files are corrupt, I try to delete them, but I obtain this message: "Access is denied". How can i delete them? Tag: Kerberos problem Tag: 97367
  - 16
    - Error in CLM, Smartcard enrollment Hello, I am having some trouble getting my lab install of CLM 2007 w/ FP1 working. Using a centralized registration model, the CLM Manager ID (CLMTemplateAdmin) is trying to enroll SmardCard Logon for another user (labadmin). When I assign the SC to the user (on a machine running CLM client) I get the error: "Processing Error: Error generating requested certificates. Element not found. 0x80070490 (WIN32:1168)". I can view the details of the SC and see my mutilple Enroll request but none are marked completed. Lab setup: Using Gemalto .Net cards, Client PC is XP w/ SP3, CLM & issuing CA on 2003 Ent. w/ SP2. Tag: Kerberos problem Tag: 97361
  - 17
    - SetFileInformationByHandle never works Hi, I'm not sure this is the correct newsgroup for my question, so please tell me if I'm wrong to send it here. I creates a small program that creates a file handle on an existing file using CreateFile function. After creating the handle the program tries to set FileRenameInfo or FileDispositionInfo for the file but the function always fails with ACCESS_DENIED. I tried many combinations of CreateFile parameters, but none worked for me yet. Are there specific parameters to use for creating the handle when using SetFileInformationByHandle? Tag: Kerberos problem Tag: 97360
  - 18
    - Secure Auditor secure your windows Hi folks, Go and get a copy of Secure Auditor which is a unified digital risk management solution and provides 30 tools in 1 package. It performs scan and audit on your windows based machine so that you will be able to identify the weakest link in your network. It helps in compliance, penetration test and forensics as well. So get passwords of every windows and Oracle machine on your network within seconds. Asset management, MSSQL audit, Oracle audit and more than all Cisco Router audit is handy with Secure Auditor. Just check out the link http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Tag: Kerberos problem Tag: 97356
  - 19
    - Secure Auditor secure your windows Hi folks, Go and get a copy of Secure Auditor which is a unified digital risk management solution and provides 30 tools in 1 package. It performs scan and audit on your windows based machine so that you will be able to identify the weakest link in your network. It helps in compliance, penetration test and forensics as well. So get passwords of every windows and Oracle machine on your network within seconds. Asset management, MSSQL audit, Oracle audit and more than all Cisco Router audit is handy with Secure Auditor. Just check out the link http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Tag: Kerberos problem Tag: 97355
  - 20
    - iTunes.exe - Bad Image - ksuser.dll is not a valid Windows image When I try to open iTunes, it will not open and the following error message is prompted: DDE Server Window: iTunes.exe - Bad Image The application or DLL C:\windows\system32\ksuser.dll is not a valid Windows image. Please check this against your installation diskette. What can I do to correct this problem? Regards, Scott Tag: Kerberos problem Tag: 97349
  - 21
    - Instant Message Security I use AOL IM and gmail at work through a PC using Microsoft OS connected to a company server. Does my company have the ability to monitor or record my IM's and personal gmails without my knowledge? In the AOL settings I chose not to have my IM's logged, but someone told me if I use IM on my company computer and it goes through their servers, they can log and view my chats -- and this would apply to gmail as well. Thanks Tag: Kerberos problem Tag: 97338
  - 22
    - Firewall rules for Avast ping home? Crossposted to http://forum.avast.com/index.php?topic=34656.0 I just installed Avast antivirus (home edition). According to the online help, I should configure the firewall to allow access to * URL: http://www.asw.cz/iavs4pro IP: 195.70.130.34 * URL: http://www.avast.com/iavs4pro IP: 64.246.6.135 * URL: http://www.iavs.net/iavs4pro IP: 207.44.156.15 * URL: http://www.iavs.cz/iavs4pro IP: 62.168.45.69 According to http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=25, the programs that should be allowed access are * avast.setup * avastXX.setup (where "XX" are some numbers) * aswUpdSv.exe * ashServ.exe * ashWebSv.exe However, I'm getting firewall access requests that correspond to neither the IP addresses or applications listed above. The requests are pings (ICMP[8]) to sl2XX.avast.com, where X varies from 09 to 14 (and probably beyond, except that I got tired of them and created a blocking rule). The IP addresse are 75.126.203.67-72. There was also one to sl205.avast.com (75.126.130.172). The firewall lists the application as tcpip kernel driver. I haven't found any information on legitimate IPs for the pings. Do I have to open up the firewall to all outgoing pings? What is the impact on Avast functionality or updatability if I don't? Tag: Kerberos problem Tag: 97334
  - 23
    - security system i am using vista home premium. i just got this computer. i know so much about computer but just the basic. I have a problem that is poping up on my screen. I have tryed everything i know to get rid of it. The heading is security system protection control panel. It is saying possible spyware infection detected . You need to update pc-anti-spyware as it has detected a trojan downloader.xs. I have run scans and can't find a problem. When i press on it it takes me to a anti-spyware site to buy a package. The site it takes me too is called anti-spyware-reviews.biz 2008. It is driving me crazy. If anyone would please help to sort this problem i would be greatful. I hope i am in the right discussion group. If i am not could you please let me know what group i should go too. Thankyou Tag: Kerberos problem Tag: 97332
  - 24
    - Freeware disk encryption Anyone know of a freeware disk encryption system that supports: - on-the-fly encryption / decryption - command-line mounting (or some other API) - NON-DESTRUCTIVE encryption of NON-SYSTEM whole disk I've looked at TrueCrypt - it is almost what I need, but doesn't do non- destructive whole disk... -mdb Tag: Kerberos problem Tag: 97331
  - 25
    - Firewall rules to allow Windows 2000 updates Where can one find firewall rules to allow Windows 2000 updates? Specifically, which applictions will be reaching out, input or output, the type of access/data (TCP, UDP, etc.), which executable will be doing this, the swath of IP addresses which it could contact, and the ports? I've got my automatic updates to only notify me, not download and install. I do that manually. Thanks! Tag: Kerberos problem Tag: 97328
- Next
  - 1
    - Logging of Microsoft Live Communication Conversations How do you log the IM conversations of end users in a corporation for security purposes? This is a loaded question, I'm sure. It is for Security. Tag: Kerberos problem Tag: 97324
  - 2
    - access denied, no security tab I'm running windows server 2003 and cannot access a folder (access denied message). When I right click and properties the folder, there is no security tab (only General, ,Customize and NFS sharing). This is not XP, so the simple file sharing doesnt exist, and its obviously an NTFS drive as its windows server I'm running. the parent folders and all other folders are fine, just one folder out on its own not letting anyone play with it.... Any ideas on what can cause this or how it can be fixed??? Tag: Kerberos problem Tag: 97318
  - 3
    - Looking for Single Sign on (SSO) solution Hi ! I'm looking for a single sign on (SSO) solution suitable for an hospital environment. I has to be based on Active Directory. It has to control/automate login in Windows, Outlook, web (IE) applications and many classical Windows applications. Ideally it would make use of XP fast user switching. I would like to have an autenthication device working with proximity detector (RFID, BlueTooth or whatever technology). Any idea about commercial or open source product ? -- Francois PIETTE http://www.overbyte.be Tag: Kerberos problem Tag: 97317
  - 4
    - is it true... that an Enterprise Root CA has to be a domain controller? What about subordinates? Tag: Kerberos problem Tag: 97315
  - 5
    - Standalone vs Enterprise root CA security. I have a Root and a subordinate stnadalone CA in my enterprise. I also have a 3rd subordinate which is issuing certificates from the 2nd subordinate which has been setup as an Enterpise subordinate. I was told that the Root and the 1st subordinate where setup as Standalone for security reasons but no one can tell me those reaosns. Can anyone tell me the difference in security between these. Tag: Kerberos problem Tag: 97314
  - 6
    - Spyware, Anti-Virus and Microsoft update frustration I am looking for some honest help! I have a HP Pavilion ze4500 notebook, which I received for free from my father in-law, and it has more problems than I know what to do with. I started by just trying to update Windows and upgrade to Internet Explorer. I have so many popups it's not even funny. I can barely get anything done. So I went and purchased Norton Anti-Virus 2008, and it is telling me I need to download the Service Pack 2. When I try to download that, I then get an error # 0x80072ee7. I can not for the life of me get this problem solved, I am not that computer smart, and so I am looking for some assistance. I desperately need to get something done about this computer, because all of the advertisements on webpages are now being replaced w/ some nasty photos that I do not want to see. The computer is also popping up an out of Memory box when I first open up my internet explorer window. If anyone can help me out in some way, I would greatly appreciate it, and please let me know if you notice a scammer replying to my message trying to help. Thanks again :) Tag: Kerberos problem Tag: 97309
  - 7
    - Protect password in batch file I need to use the net use command in a batch file that will be run automatically, to ensure that a mapped drive is connected. My question is, how can I avoid having the password to the mapped share appear in plain text in the batch file? Thanks. Tag: Kerberos problem Tag: 97304
  - 8
    - read only attribute I believe there was a recent Automatic Update loaded to my computer, and today I noticed that EVERY file and folder on my computer is now set with the READ ONLY attribute. Is this somehow considered a good thing for security ? If this is something to do with a security update, can I disable it ? I really do have files that I need to change frequently. If it is not a security update, is it some sort of weird attack on my computer ? Tag: Kerberos problem Tag: 97296
  - 9
    - CLM client reports - Invalid Smartcard Serial Number I am having a trouble getting my install of CLM 2007 w/ FP1 working. From the CLM client (running on Win XP SP3) I am trying to read a Gemalto .NET smart card. The message I get is "Invalid smart card serial number. Smart card information not available for the suppield smart card." The Gemalto utilities have no problem reading the card on this host. I am not sure what to make of this message - presumably the CLM client read the card, did some analysis and had a problem with s/n? Really I would like to know if it is a message I can ignore or not. This is a new deployment of CLM in a lab setting, new cards, no certs have been issued yet. Thanks, -Wes Tag: Kerberos problem Tag: 97294
  - 10
    - Certificate Server Not sure this is the right place to post this, but did not really find anywhere else to post this question. We have an internal ca running and one of our certificate servers is having trouble with the certsrv website. The server is giving out certificates that are set to autoenroll so the certificate services are working correctly. When we try to access the http://servername/certsrv we get a 401.2 error and in the security log on the server I get a event id 553 failure audit with request type of krb_ap_req with the account I am using to authenicate to the site and then the caller user name is network service. The network service account is what we are using for the default app pool and when I change the account in the app pool the caller user name changes in the failure audit. Any help would be greatly appreciated Richard Tracy Tag: Kerberos problem Tag: 97292
  - 11
    - Auditing shared folder Hello IÂ´m currently audinting a shared folder on my domain, Windows 2003 Server, and i get security sucess like, 560,567, i get when an user access to the folder but how can i tell, in an easy way, or translate that information into something understandable.For Example: John Q, access DATA Folder and read Test.doc file. I hope that I explain myself enough, i mean, that another human being could understand what i meant. If not, please give me another shot, IÂ´ll try again. Thanks for reading and even more for helping me. Greetings, bye Tag: Kerberos problem Tag: 97291
  - 12
    - strange log on username appearing x-no-archive: Well this is a strange one. Every now and then when i go to log onto something (ie groups) when I hit a certain letter a username that is meaningless comes up for me (ie "username@domain.com"). Since I live alone there is NO chance that someone used it and my computer remembered it. Furthermore I delete all filed and passwords cached, now & then. What is even stranger is the domain name contained in the address DOESN'T EXIST according to godaddy or internic. Thoughts? Ideas as to what this is about? Tag: Kerberos problem Tag: 97288
  - 13
    - Excellent website for IT SECURITY PROFESSIONALS Excellent website for IT SECURITY PROFESSIONALS, http://securityrules.blogspot.com Have fun. Tag: Kerberos problem Tag: 97287
  - 14
    - phishing scam I descovered that i was involved in a scam. My pc started acting up last friday by not allowing recieveing email Then i was going to update my check book on Quicken, and it would'nt let place numbers on the register. When I did put an entry in I noticed the screen would blink and the new data would disappere . I went to my ISP web site and did some looking in their help page and discovered an ALEART message about an email being sent about asking to update your profile. It said it was from my provider so I updated my profile. (wrong thing to do ). My question is how do I remove this thing that is infecting my pc. Also I have already put a fruad alert out to the credit reports. Any help out there. Thanks Larry Tag: Kerberos problem Tag: 97284
  - 15
    - The Difference Between Adware, Spyware and Anti-virus.(spyware spyware blockers, http://syubrawi.com/spyware-blockers Adware, spyware and computer virus share some similarities, one of which is that all three are major nuisances for computer users. Let's differentiate the three. Spyware is software that does not intentionally harm your computer. What they do is that they create pathways wherein someone else aside from the computer owner can communicate with the computer. Normally spywares record the various types of web sites you visit which are later used by web advertisers to allow them to send you unwanted emails and pop-ups. This is why spyware are usually frowned upon and greatly avoided. They are more intrusive than adware. Spyware have their own separate executable programs which allow them to record your keystrokes, scan files on your hard disks and.....more information visit us at : http://syubrawi.com/spyware-blockers see also : http://www.syubrawi.com -spyware blockers- Tag: Kerberos problem Tag: 97268
  - 16
    - RMS - Protectiing documents programmatically Hi All, Sorry for posting an OT in this group. But please help me if possible, as i am deperately trying to find an answer for this. Here are the details: *********************** Question: How to protect an existing MS Word document programmatically with RMS. (The location of the document can be in some public FileShare, which it is accessible to the user). ENVIRONMENT: I have Windows 2003 RMS SP2 (RMS SERVER), Active Directory on Windows 2003 (AD) and Microsoft Office 2003, RMS SDK, RMS Client installed on another Windows 2003 OS (RMS Client) SET UP: I have successfully installed the RMS Server (in pre- production mode) and I am able to run couple of sample code provided with RMS SDK. The machine activation code works fine, where as User activation only works for temporary activation else it throws an error. I am able to protect a document using Office 2003 application but on a different set up (production mode). I have looked in the RMS Client SDK which has information on creating Publishing/Consuming Application. But what I understand is, the Consuming Application should know, how to read the protected content, the location of Issuance License etc. In the SDK,DRMEncrypt function encrypts the data provided, but how to save the encrypted information is not specified anywhere. I assume that, those particulars are dependent on the consuming application. In case of Word documents the consuming end is Word 2003, so the protected document has to be in a format which can be understood by Office 2003. Is there any way to achieve this using the SDK? Or should I use some other SDKs/libraries provided by some-one else? What I need is either some documentation or an API or sample code that will allow me to create rights managed documents (using the RMS policy already available in the AD or creating a new RMS Policy.) that MS Word will understand and enforce. Can anyone help me to solve this? ~Thanks and regards Reghu Tag: Kerberos problem Tag: 97265
  - 17
    - downloading .exe files Windows will not let me download .exe files.As soon as download finishes it says it "this file is potentially harmful" and "has blocked access to this file".The file does not appear in the "my downloads" folder. How do I tweak Windows XP so I can download useful utilities ? Tag: Kerberos problem Tag: 97256
  - 18
    - Question on - Network Access: Do not allow anonymous enumeration of SAM accounts and shares Gurus, How much of a security risk are these Windows security settings pose if they are allowed? I am not looking for a security exposition, just a few quick thoughts? Network Access: Allow anonymous SID/Name translation Network Access: Do not allow anonymous enumeration of SAM accounts Network Access: Do not allow anonymous enumeration of SAM accounts and shares -- Spin Tag: Kerberos problem Tag: 97255
  - 19
    - Audit Privilege Use - Windows 2003 Security Guide Hello, I'd like some clarification on auditing privilege use on Windows 2003. I'm currently performing some security testing. On a Windows 2003 Server within the Local Security Policy > Local Policies > Audit policy I have enabled both success and failure auditing for 'Audit Privilege Use'. No Group Policy is in use. To test the setting, I have logged on to a server as an administrator, reset the system time and performed a shutdown. The events are logged as expected. I then log on as a non-administrative user who does not have rights to change the system time or to shut the system down. Using the non-admin user account, I attempt to change the system time and also attempt to shut the system down. Nothing is logged within the security log. The Windows Server 2003 Security Guide states 'Failed use of a user right is an indicator of a general network problem, and can often indicate an attempted security breach' It would appear that the Audit Privilege Use auditing doesn't actually pick up on people trying to perform actions for which they do not have rights, is this correct ? So the failure auditing option would only indicate that a user who has the required privileges have failed to use them and therefore this is much more likely to be a configuration (or other technical) problem rather than an attempted security violation ? Thanks in advance for any help / thoughts offered. Cheers, Gareth Tag: Kerberos problem Tag: 97253
  - 20
    - TCP Chimney - what is it and why did I have to disable it prior to a netmon trace? Gurus, In troubleshooting for MS support recently on a case I opened with them, I was told to disable tcp chimney (since I was running Windows Server 2003 SP2) prior to capturing a netmon trace. I am not sure why I had to disable tcp chimney prior to capturing a netmon trace let alone what tcp chimney even is. Any ideas? -- Spin Tag: Kerberos problem Tag: 97245
  - 21
    - Group Policy Management Console, GPMC for Vista with SP1 Hello! Did anybody know when the new Group Policy Management Console, GPMC for Vista with SP1 will be available? The Existing Group Policy Management Console, GPMC will be deinstall with the SP1. -- Mit freundlichen GrÃ¼Ã?en / Kind regards, A l e n A h j a Huelsenberg Holding GmbH & Co. KG An der MÃ¼hlenau 4 - 25421 Pinneberg Tag: Kerberos problem Tag: 97240
  - 22
    - Windows Server 2008 CA Hi, I have installed Windows Server 2008 Enterprise Root CA and Subordinate CA. Windows Vista based PCs enroll certificate or IE on Windows Vista is capable for web enrollement. Windows XP (SP2) based PCs do not enroll certficate or IE (7.0 or 6.0) on Windows XP is not capable for web enrollment. IE (7.0 or 6.0) on Windows XP di not work on SSL web site by signed Windows Server 2008 CA Mozilla Firefox on Windows XP (SP2) is working on SSL web site by signed Windows Server 2008 CA -- YAHYA YAZICI MCSE-M , MCSE-S, MCTS, MCT Morten Bilgi ve Ýletiþim Hizmetleri Ltd. Þti Web: www.btegitim.com Ofis: +90 212 274 69 98 Fax: +90 212 267 46 25 E-mail: yahya@btegitim.com Tag: Kerberos problem Tag: 97238
  - 23
    - Windows Defender Hello: The Windows Defender program that I have installed on my computer system is not running its scheduled scan time on a daily basis. How can I get the Windows Defender program to run its scheduled scan time on a daily basis, because I do have the scan time set at 11:00 am daily? Thank You, Tag: Kerberos problem Tag: 97236
  - 24
    - Implementing EFS What is the best way to implement EFS to encrypt 500GB of data-at-rest stored on a NAS server that is sitting in a backend domain/DMZ. This share has to be accessed by web servers sittings on a front end domain/DMZ. The DMZs are separated by a FW that only allow traffic over specific ports between these domains. We do not have PKI implemented at the enterprise in this network setup. Do we need to have PKI for EFS? Tag: Kerberos problem Tag: 97231
  - 25
    - Revoke a CA Hello, I am new to dealing with certificates and am having an issue with a renewed CA certficate. In 2003 IAS, right clicking the server, properties, general tab. There is a list of CA certficates. We have 3 listed. 2 were accidentally created when attempting a renew. How do you revoke them? I went into the issued certificates and looked up the admin who did the renew and found two certificates by him. I revoked them with a "hold" but that apparently was not it as the CA certificates still showed up. Thanks, Tag: Kerberos problem Tag: 97229

Hi

I am trying to use Kerberos for single signon using a combination of Windows
XP clients to connect to IBM WebSeal and then on to IBM WebSPhere.
Everything seems to be working from the IBM side of things, however on
testing 50 PC's, half fail to connect resulting in a WebSeal error.

IBM assure me that this is a Kerberos issue, I've turned on Kerberos logging
and I don't see any error in the Event log, and I appear to have the session
tickets correctly. I would appreciate any help as to where to look next,

Thanks in Advance,

Stephen

Top

Re: Kerberos problem by Dobromir

Dobromir
Tue Apr 22 16:38:49 CDT 2008

If half of them can authenticate, and the other half - can't, then I'd rule
out DNS, keytabs, and other general Kerberos stuff.

The three things to look at would be:
* Time Synchornisation - make sure that client clocks and associated
timezones are skewed less than 5 minutes from the server (this is not very
much likely, as time sync is a required for the client to login to AD in the
first place...)
* krbtray.exe - this Windows 2000/2003 Resource Kit tool provides a list of
current tickets, available to the user. Look for tickets to your WebSeal
server for both users that can and can't connect, and compare the results
* There are some Kerberos implementation specifics on the Microsoft side -
you may want to check out the following article:
http://www-1.ibm.com/support/docview.wss?rs=638&context=SSPREK&dc=DB520&dc=DB560&uid=swg21259123&loc=en_US&cs=UTF-8&lang=en&rss=ct638tivoli

--
---
HTH,
Dobromir

Learn more about Security and Identity Management:
Visit http://www.iamechanics.com

"sdm" <stephen.moss@bradford.gov.uk> wrote in message
news:GYudnS3Vfca5h5PVRVnyhAA@eclipse.net.uk...
> Hi
>
> I am trying to use Kerberos for single signon using a combination of
> Windows XP clients to connect to IBM WebSeal and then on to IBM WebSPhere.
> Everything seems to be working from the IBM side of things, however on
> testing 50 PC's, half fail to connect resulting in a WebSeal error.
>
> IBM assure me that this is a Kerberos issue, I've turned on Kerberos
> logging and I don't see any error in the Event log, and I appear to have
> the session tickets correctly. I would appreciate any help as to where to
> look next,
>
> Thanks in Advance,
>
> Stephen
>

Top