W2k3 and Hotfix KB833708
huaraz at moeller.plus.com
Sat Nov 6 09:48:04 EST 2004
It seems to be related to how MS calculates salt for computer accounts in
2003, this is for example fixed in a newer Windows ktpass version. Does
anybody know how they determine the salt now ?
"Markus Moeller" <huaraz at moeller.plus.com> wrote in message
news:4187faaa$0$4012$ed2619ec at ptn-nntp-reader01.plus.net...
>I experience problems with Hotfix KB833708 on a w2k3 kdc and MIT 1.2.4 (yes
>I know its old). The fix works fine when I use MIT 1.3.1 which supports
> When I extract a keytab which is associated with a computer account in AD
> I get decrypt integrity check failed errors. It is the same error as
> described by Nathan earkier at
> http://mailman.mit.edu/pipermail/kerberos/2004-April/005080.html. I can
> get the decrypt error solved, when I change the user account contol flag
> from UF_TRUSTED_WORKSTATION_ACCOUNT to UF_NORMAL_ACCOUNT ( I think it
> means changing it from a computer account to a user account)
> Has anybody experienced this too ? Do I miss another Hotfix ?
More information about the Kerberos