Kerberos

Guest

I have a 2000 server with ISA installed. It acts as our
firewall and proxy. It also has a company Intranet on it.
Our internal network has a 2000 DNS server. Our company's
internal domain name is PAI. There is another company out
in the world with the internet domain name of pai.com. My
event log on the 2000 server with ISA creates 4 events
every 30 seconds or so with the below event message:

The function InitializeSecurityContext received a Kerberos
Error Message:
on logon session
Client Time:
Server Time: 14:37:7.0000 1/6/2004 (null)
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: PAI.COM
Server Name: krbtgt/PAI.COM
Target Name: DNS/[email protected]
Error Text:
File:
Line:
Error Data is in record data.

Sometimes the target name is different, but I think it is
still our ISP's DNS servers. My thought on this is that
something is escaping my network and trying to
authenticate to this external PAI.com domain since my
internal domain name is pai.com. The problem is I don't
know where to look for this problem. Should I look in our
DNS, should I put in some type of filter, etc...

Any suggestions?

Thanks,
 
Not my area of expertise, but nobody has responded to you yet. . .

Your ISP's DNS servers should be able to be set to resolve your domain name
internally but discard external requests. This fits the topology in figure
8, here:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itsolutions/idc/rag/ragc03.asp

Barring that, you could try to block kerb traffic at your own firewall, but
who knows what else that might break? Kerb ports are listed in
%windir%\system32\drivers\etc\services.
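
Added example, not part of the thread: a small Python triage script that parses exported event text in the layout quoted in the first post and counts which service principals (the "Target Name" field) point at hosts outside the internal DNS suffix. The sample events, the `isp.example` and `intranet.pai.com` host names, and the `internal_suffix` parameter are constructed assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample events in the layout of the event quoted in the post.
# The target host names are placeholders, not values from the thread.
TEMPLATE = (
    "The function InitializeSecurityContext received a Kerberos\n"
    "Error Message:\n"
    "Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN\n"
    "Server Realm: PAI.COM\n"
    "Server Name: krbtgt/PAI.COM\n"
    "Target Name: {target}\n"
)
SAMPLE_LOG = "\n".join(TEMPLATE.format(target=t) for t in (
    "DNS/ns1.isp.example@PAI.COM",
    "DNS/ns1.isp.example@PAI.COM",
    "DNS/ns2.isp.example@PAI.COM",
    "HTTP/intranet.pai.com@PAI.COM",
))

# Only the fields needed for triage; [ \t]* keeps empty fields on one line.
FIELD = re.compile(r"^(Error Code|Server Realm|Target Name):[ \t]*(.*)$", re.M)

def parse_events(text):
    """Split the export on each event's first line and extract its fields."""
    chunks = text.split("The function InitializeSecurityContext")[1:]
    return [{k: v.strip() for k, v in FIELD.findall(c)} for c in chunks]

def external_targets(events, internal_suffix):
    """Count (service class, host) pairs whose host is outside internal_suffix."""
    suffix = internal_suffix.lower().lstrip(".")
    counts = Counter()
    for ev in events:
        # Target Name has the form service/host@REALM
        spn, _, _realm = ev.get("Target Name", "").partition("@")
        svc, _, host = spn.partition("/")
        host = host.lower()
        # Match on a label boundary so "notpai.com" is not treated as internal.
        if host and host != suffix and not host.endswith("." + suffix):
            counts[(svc, host)] += 1
    return counts

if __name__ == "__main__":
    for (svc, host), n in external_targets(parse_events(SAMPLE_LOG), "pai.com").most_common():
        print(f"{n:4d}  {svc}/{host}")
```

The hosts that top the list show which names clients are requesting tickets for, which narrows down whether to look at the DNS server settings configured on the machine or at a filter.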
 