You experience a delay in the user-authentication process when you run a high-volume server program on a domain member in Windows 2000 or Windows Server 2003 (906736)


The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server

SYMPTOMS

When you run a high-volume server program on a domain member that uses Kerberos to authenticate users, you experience a delay in the user-authentication process. Additionally, you notice an increase in the remote procedure call (RPC) traffic between the domain controller that uses the Net Logon RPC interface and the server.

When you enable debug logging for the Net Logon service on the domain member or on the domain controller, the following entry is logged in the in the System log: [LOGON] SamLogon: Generic logon of <domain name>\(null) from (null) Package:Kerberos Entered

CAUSE

This problem occurs because the Kerberos client verifies the Privilege Attribute Certificate (PAC) signature in the Kerberos ticket by using the domain controller. The Kerberos client performs this verification to prevent PAC spoofing. The increased network traffic is generated by the RPC requests that are part of this verification process.

The Kerberos client performs this verification only for untrusted callers. User-mode applications are recognized as untrusted callers.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about how to enable debug logging for the Net Logon service, click the following article number to view the article in the Microsoft Knowledge Base:

109626 Enabling debug logging for the Net Logon service

Modification Type:MinorLast Reviewed:2/23/2006
Keywords:kbtshoot kbBug KB906736 kbAudITPRO kbAudEndUser
©2004 Microsoft Corporation. All rights reserved.