Time limit for cache of logon credentials?
TobiF, 3 years ago

This sounds like situations where the client needs to be cleared for access to said service. Do you have any kind of timeout, either from the server side (like cleaning records that are more than 8 hours old) or from the client side (time limit for cache of logon credentials)?

Google is your friend...
TobiF, 3 years ago

Of course I have no idea. But Google led me to another situation where this message occurs: http://support.microsoft.com/kb/824217

From this page we learn that we may get more information about the problem if we (enable and then) check the Kerberos logs. I'm talking about this paragraph:

"Event 40960 only logs the error returned by Kerberos. It does not log the name of the principal or the name of the client. In order to obtain this information, auditing for User Logon Failures must be enabled. By looking at the logon failure audit event logged at the same time as the SPNEGO event, more information about the logon failure can be obtained."

By the way, interesting that the error message includes unexpanded parameters (%1 etc.). Soo helpful.

Anyway, this message shows we guessed correctly: the authentication ticket expires without renewal. Again, activating and reading Kerberos logs may give the next set of clues. And a (temporary) workaround would be to set a longer validity for the tickets.
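
The correlation the quoted KB paragraph describes, as an added example that is not part of the original posts: it pairs each event 40960 with logon-failure audit events recorded at about the same time. It assumes Windows Vista/Server 2008 or later (where logon failures are Security event 4625), an elevated PowerShell session, and logon-failure auditing already enabled; the five-second window and one-day look-back are arbitrary choices.

```powershell
# Prerequisite (assumed already done): logon-failure auditing is on, e.g.
#   auditpol /set /subcategory:"Logon" /failure:enable
$windowSeconds = 5                   # assumed correlation window
$since = (Get-Date).AddDays(-1)      # assumed look-back period

# SPNEGO/Kerberos errors: event 40960 in the System log.
$spnego = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = 40960; StartTime = $since
} -ErrorAction SilentlyContinue

foreach ($evt in $spnego) {
    # Logon-failure audits (4625) within the window around this 40960.
    $failures = Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = $evt.TimeCreated.AddSeconds(-$windowSeconds)
        EndTime   = $evt.TimeCreated.AddSeconds($windowSeconds)
    } -ErrorAction SilentlyContinue

    foreach ($f in $failures) {
        # Read named fields from the event XML rather than by position.
        $data = @{}
        ([xml]$f.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }

        # One row per pairing: the principal and client that 40960 omits.
        [pscustomobject]@{
            SpnegoTime  = $evt.TimeCreated
            FailureTime = $f.TimeCreated
            Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            Workstation = $data['WorkstationName']
            SourceIp    = $data['IpAddress']
            Status      = $data['Status']
            SubStatus   = $data['SubStatus']
        }
    }
}
```

On Windows Server 2003 and earlier, which the KB article covers, logon failures are recorded under event IDs 529-537 instead of 4625 and `Get-WinEvent` is not available, so the same pairing has to be done in Event Viewer by timestamp.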