Event ID 3 Source Kerberos
| Event ID | 3 |
| Source | Kerberos |
| Type | Error |
| Description | A Kerberos Error Message was received: on logon session InitializeSecurityContext Client Time: Server Time: 17:15:47.0000 11/18/2003 Z Error Code: <error code> <error symbolic name> Extended Error: 0xc00000bb KLIN(0) Client Realm: Client Name: Server Realm: <domain> Server Name: host/<domain> Target Name: host/<name>@<domain> Error Text: File: 9 Line: ab8 Error Data is in record data. |
| English, please! | This information is only available to subscribers. An example of English, please! |
| Concepts to understand |
What is the role of the KDC? What is Kerberos? |
| Comments |
Adrian Grigorof
(Last update 11/6/2009): Error code: 0xd = KDC_ERR_BADOPTION - See the "KDC_ERR_BADOPTION when attempting constrained delegation" link for one example of situation when this may be recorded Error code: 0x20 = KRB_AP_ERR_TKT_EXPIRED Mihai Andrei (Last update 7/29/2007): See M918442 for a hotfix applicable to Microsoft Windows Server 2003. See M938702 for additional information about this event. Ionut Marin (Last update 8/27/2005): According to Microsoft, this issue may occur if the service principal name (SPN) of the service is not authenticated. The SPN is not authenticated if the SPN is not registered to a service account. The SPN is the server name found in the event's description. See M887993 to register the SPN with the account that the service runs under. Ivan Dretvic (Last update 7/22/2005): See M230746 for a description of common Kerberos-related errors in Windows 2000. PaulD (Last update 1/15/2005): See the links to "Kerberos Authentication Tools and Settings" and "Troubleshooting Kerberos Errors" for Kerberos related troubleshooting information. Why bother deciphering Event logs when GFI EventsManager can do everything for you? Free trial here! Chris Szeles (Last update 11/17/2004): This issue is inherent in Windows 2003 Domain Controllers when Kerberos TCP logging has been turned on. This should only be used for troubleshooting purposes as per Microsoft due to excessive event IDs. To turn off logging, refer to KB262177 and do the opposite. If you have a GPO enabled and enforced, change the 1 in “Computer Configuration -> Administrative Templates -> Kerberos Parameters -> Kerberos Event Logging” to a 0. This will effectively turn off all Kerberos logging, but it will not prevent critical system Kerberos event logs. In some instances, you may need to contact Microsoft tech support for a hotfix (KB824905) to fix this issue. |
| Links | M230476, M262177, M824905, M887993, M918442, M938702, Kerberos Authentication Tools and Settings, Troubleshooting Kerberos Errors, MSW2KDB |
| Search | Google Web - Microsoft Support - Bing - EventID.Net Queue - More links... |
| Custom search | The custom search information is available to subscribers only. |
| Feedback | Send comments - Notify me when updated |
| Print version |