Answer for:

The system detected a possible attempt to compromise security.

Message 2 of 5

robo_dev

Kerberos uses the UDP protocol for the ticket exchange, per the RFC standard. UDP is a best-effort protocol, and things like VPNs or busy networks cause odd things to happen (like not being able to authenticate). Kerberos cannot tolerate packets getting out of order, which can happen due to MTU size issues, latency, etc.

Microsoft allows you to go non-standard and force Windows to use TCP for Kerberos authentication via a registry edit.

I believe the 'trying multiple times' part has to do with either the use of roaming profiles and/or the workstation. If the user profile is not cached the credentials cannot be cached.

You might fiddle with cached login counts:

The following key value is set to 10 on both the Win7 and XP machines:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount

http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/bc13f194-36fa-4140-a899-2954ce62c4bf/

One other thing: if users do not log off and just shut the lid of the laptop, then the machine can get confused and keep trying to hit the DC when they resume. They must log off or the PC won't use cached credentials in all cases.
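
A read-only check of the two settings the answer above refers to, as an added example that is not part of the original post. The Kerberos key path and the `MaxPacketSize` value name are assumptions taken from Microsoft's guidance on forcing Kerberos over TCP (the post names neither), and the helper function names are hypothetical.

```powershell
# Added example: read-only audit of the two settings discussed in the answer.
# Assumption: the Kerberos key path and the MaxPacketSize value name are taken
# from Microsoft's guidance on forcing Kerberos over TCP; the post names neither.
$settings = @(
    @{ Name = 'CachedLogonsCount'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' },
    @{ Name = 'MaxPacketSize'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters' }
)

# Returns the value data, or $null when the key or the value does not exist.
function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Explains what the configured data means for logon behaviour.
function Get-SettingNote {
    param([string]$Name, $Value)
    if ($null -eq $Value) { return 'not set; the operating system default applies' }
    $n = 0
    if (-not [int]::TryParse([string]$Value, [ref]$n)) { return 'unexpected non-numeric data' }
    switch ($Name) {
        'CachedLogonsCount' {
            if ($n -eq 0) { return 'logon caching is off; every logon needs a reachable DC' }
            return "up to $n previous logons are cached for use when no DC is reachable"
        }
        'MaxPacketSize' {
            if ($n -eq 1) { return 'Kerberos is forced onto TCP' }
            return "Kerberos messages larger than $n bytes use TCP; smaller ones may use UDP"
        }
    }
}

foreach ($s in $settings) {
    $value = Get-RegValueOrNull -Path $s.Path -Name $s.Name
    [pscustomobject]@{
        Setting = $s.Name
        Value   = if ($null -eq $value) { '(absent)' } else { $value }
        Note    = Get-SettingNote -Name $s.Name -Value $value
    }
}
```

Running it on both an affected workstation and a working one makes differences in either setting visible before any registry change is made.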