Clients Cannot Log On by Using Kerberos over TCP (320903)


The information in this article applies to:

  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Windows 2000 Advanced Server SP3
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows 2000 Professional SP2
  • Microsoft Windows 2000 Professional SP3
This article was previously published under Q320903

SYMPTOMS

Clients cannot log on to the domain if the clients use Kerberos over Transport Control Protocol (TCP). Clients that use Kerberos over User Datagram Protocol (UDP) can log on correctly.

CAUSE

Kerberos may stop accepting connections over TCP. This condition is temporary; Kerberos recovers and begins accepting connections again after approximately two minutes.

RESOLUTION

Service Pack Information

To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Hotfix Information

A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Windows 2000 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix should have the following file attributes or later: 

Date         Time   Version        Size       File name
--------------------------------------------------
05-Jun-2002  10:16  5.0.2195.5781    123,664  Adsldp.dll
05-Jun-2002  10:16  5.0.2195.5781    131,344  Adsldpc.dll
05-Jun-2002  10:16  5.0.2195.5781     62,736  Adsmsext.dll
05-Jun-2002  10:16  5.0.2195.5801    358,160  Advapi32.dll
05-Jun-2002  10:16  5.0.2195.5265     42,256  Basesrv.dll
05-Jun-2002  10:16  5.0.2195.5855     49,424  Browser.dll
05-Jun-2002  10:16  5.0.2195.5595    135,952  Dnsapi.dll
05-Jun-2002  10:16  5.0.2195.5595     96,016  Dnsrslvr.dll
05-Jun-2002  10:16  5.0.2195.5722     45,328  Eventlog.dll
05-Jun-2002  10:16  5.0.2195.5684    222,480  Gdi32.dll
05-Jun-2002  10:16  5.0.2195.5859    145,680  Kdcsvc.dll

04-Jun-2002  14:31  5.0.2195.5859    199,952  Kerberos.dll
05-Jun-2002  10:16  5.0.2195.4928    708,880  Kernel32.dll
04-Jun-2002  14:32  5.0.2195.5859     71,024  Ksecdd.sys
04-Jun-2002  14:32  5.0.2195.5859    504,080  Lsasrv.dll
04-Jun-2002  14:32  5.0.2195.5859     33,552  Lsass.exe
04-Jun-2002  14:31  5.0.2195.5859    107,792  Msv1_0.dll
05-Jun-2002  10:16  5.0.2195.5855    307,472  Netapi32.dll
05-Jun-2002  10:16  5.0.2195.5723    360,208  Netlogon.dll
05-Jun-2002  10:16  5.0.2195.5839    916,752  Ntdsa.dll
05-Jun-2002  10:16  5.0.2195.5585    386,832  Samsrv.dll
05-Jun-2002  10:16  5.0.2195.5837    128,784  Scecli.dll
05-Jun-2002  10:16  5.0.2195.5757    299,792  Scesrv.dll
05-Jun-2002  10:16  5.0.2195.4314    402,192  User32.dll
25-Jun-2001  19:17  3.10.0.103        47,808  User.exe
05-Jun-2002  10:16  5.0.2195.5644    369,936  Userenv.dll
05-Jun-2002  10:16  5.0.2195.5859     48,912  W32time.dll
04-Jun-2002  14:32  5.0.2195.5859     57,104  W32tm.exe
31-May-2002  10:26  5.0.2195.5840  1,642,192  Win32k.sys
03-May-2002  11:31  5.0.2195.5731    178,960  Winlogon.exe
05-Jun-2002  10:16  5.0.2195.4602    243,472  Winsrv.dll
05-Jun-2002  10:16  5.0.2195.5737    125,712  Wldap32.dll


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft Windows 2000 Service Pack 4.

MORE INFORMATION

For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:

265173 The Datacenter Program and Windows 2000 Datacenter Server Product

For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:

296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot

Modification Type:MinorLast Reviewed:10/11/2005
Keywords:kbHotfixServer kbQFE kbSecurity kbWin2kSP4fix kbbug kbfix kbWin2000preSP4Fix KB320903
©2004 Microsoft Corporation. All rights reserved.