Question : active directory, W2k8 R2 DC, Kerberos failures, Event ID: 3, 4771, 4769, 4768, 4776, 4625   source: Microsoft Windows security

I've brought in a new w2k8 R2 DC into our w2k3 domain, and I'm seeing all kinds of security log audit failures, mostly kerberos.  I've found some basic information on them, but I don't understand the process well enough to make much sense of them.  What happens when failures occur for "Kerberos pre-authentication failed", or "A Kerberos service ticket was requested." ?  Does that mean NTLM will be attempted?  We have non-ms smb clients in our environment.  I don't know if they are having problems because of authentication issues, or if our Windows computers and users are experiencing delays.  The bottom line is that i can't tell if these indicate real problems, and i would like to understand the process better.  Any feedback or pointers to docs that explain this well is appreciated.

More info:  I did up the logging according to http://support.microsoft.com/kb/262177 , and now a lot of event ID: 3 , Source: Security-Kerberos are showing.

Thanks,
Matt

Answer : active directory, W2k8 R2 DC, Kerberos failures, Event ID: 3, 4771, 4769, 4768, 4776, 4625   source: Microsoft Windows security

Essentially all domain authentication is done with kerberos.  All non-domain authentication by default tries to use kerberos first if supported, if not, then it bumps down the chain to NTLMv2, then to NTLM ...

Here is a good link that gives an overview of the windows authentication methodologies.

http://technet.microsoft.com/en-us/library/cc755284%28WS.10%29.aspx
Random Solutions  
 
programming4us programming4us