Event id 26, 27

  • Question

  • The domain has a Windows 2008 R2 DC and a Windows 2003 DC.

    The Windows 2003 DC is now logging a large number of Event ID 26 and 27 errors.

    Event Id 26

    While processing an AS request for target service krbtgt, the account cxli did not  have a suitable key for generating a Kerberos ticket (the missing key has an ID of 2). The requested etypes were 18.  The accounts available etypes were 23  -133  -128  3  1  -140. 

    Event id 27

    While processing a TGS request for the target server krbtgt/SUNLUEN-TX.LOCAL, the account EDPPC242$@SUNLUEN-TX.LOCAL did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 18.  The accounts available etypes were 23  -133  -128  3  1.

    January 19, 2015 4:09
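
As an added example (not part of the original thread), this Python sketch parses the Event ID 26/27 message text quoted in the question and checks whether any requested etype matches a key the account actually has. The function names and the regular expression are assumptions written for this illustration; the two sample messages are the ones from the post.

```python
import re

# IANA-registered Kerberos encryption types. Negative numbers are reserved
# for local use (RFC 4120) and are reported as such rather than named.
ETYPE_NAMES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 17: "AES128-CTS-HMAC-SHA1-96",
               18: "AES256-CTS-HMAC-SHA1-96", 23: "RC4-HMAC"}

# Assumed pattern, derived only from the two messages quoted in the question.
EVENT_RE = re.compile(
    r"processing an? (?P<req>AS|TGS) request for (?:the )?target "
    r"(?:service|server) (?P<target>\S+?), the account (?P<account>\S+)\s+"
    r"did not\s+have a suitable key.*?missing key has an ID of (?P<key_id>\d+)\)\.\s*"
    r"The requested etypes were (?P<requested>[-\d\s]+?)\.\s*"
    r"The accounts available etypes were (?P<available>[-\d\s]+?)\.", re.S)

SAMPLE_EVENTS = [  # message text copied from the question above
    "While processing an AS request for target service krbtgt, the account cxli "
    "did not  have a suitable key for generating a Kerberos ticket (the missing "
    "key has an ID of 2). The requested etypes were 18.  The accounts available "
    "etypes were 23  -133  -128  3  1  -140. ",
    "While processing a TGS request for the target server krbtgt/SUNLUEN-TX.LOCAL, "
    "the account EDPPC242$@SUNLUEN-TX.LOCAL did not have a suitable key for "
    "generating a Kerberos ticket (the missing key has an ID of 8). The requested "
    "etypes were 18.  The accounts available etypes were 23  -133  -128  3  1.",
]

def describe(etype):
    """Return a readable name for an etype number."""
    if etype < 0:
        return f"{etype} (negative, local-use etype)"
    return ETYPE_NAMES.get(etype, f"{etype} (unknown)")

def parse_kdc_event(message):
    """Parse one Event 26/27 message; return None if it does not match."""
    m = EVENT_RE.search(message)
    if not m:
        return None
    requested = [int(x) for x in m["requested"].split()]
    available = [int(x) for x in m["available"].split()]
    return {"request": m["req"], "target": m["target"], "account": m["account"],
            "missing_key_id": int(m["key_id"]),
            "requested": requested, "available": available,
            # Etypes the client asked for that the account has a key for.
            "usable": [e for e in requested if e in available],
            "has_aes_key": any(e in (17, 18) for e in available)}

if __name__ == "__main__":
    for msg in SAMPLE_EVENTS:
        ev = parse_kdc_event(msg)
        print(ev["request"], ev["account"], "requested:",
              [describe(e) for e in ev["requested"]], "usable:", ev["usable"])
```
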

All replies

  • For reference:

    http://technet.microsoft.com/en-us/library/cc734055.aspx

    http://technet.microsoft.com/en-us/library/cc733974(v=ws.10).aspx


    On the IT road, You'll never walk alone

    January 19, 2015 6:10
  • Still not resolved. This problem started in December; it did not occur before.
    January 20, 2015 0:17
  • Hello,

    You can try enabling DES encryption on the Server 2008 machines.

    The method is as follows:

    Enable DES encryption on 2008 machines so the 2003 DC can authenticate requests – probably best to add it to the default domain policy.

    Computer Configuration\Security Settings\Local Policies\Security Options

    Enable – Network security: Configure encryption types allowed for Kerberos
    Types: DES-CBC-MD5 & DES-CBC-CRC (and all the new types AES256-CTS-HMAC-SHA1-96, AES128-CTS-HMAC-SHA1-96, RC4-HMAC)

    See the following article for details:

    https://itimesaver.wordpress.com/2013/01/07/kdc-event-id-26-and-27-logged-on-2003-dc/

    Hope this helps.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com


    January 24, 2015 6:58
    Moderator
  • Hello, this Group Policy setting has already been configured, but the error is still being reported.

    January 27, 2015 10:05