류짱:Beyond MySelf

Kerberos 인증 문제 해결을 위한 네트워크 패킷 수집을 위한 사전작업 본문

Microsoft/Active Directory

Kerberos 인증 문제 해결을 위한 네트워크 패킷 수집을 위한 사전작업

リュちゃん 2012. 7. 1. 21:29

Kerberos 인증 문제가 발생하여  클라이언트와 서버에서 인증 관련 패킷을 수집 해야 한다면 아래와 같이 사전 작업을 미리 한 후 넷몬으로 패킷을 수집하면 좋겠네요^^

1.Make sure that there are no Internet Explorer windows open, and in general close down as many applications as possible so that your network traces are as clean as possible.
2.Start the network capture utility.
3.Clear all name resolution cache as well as all cached Kerberos tickets.
To clear DNS name cache you type in:  IPConfig /FlushDNS
To clear NetBIOS name cache you type in:  NBTStat –R
To clear Kerberos tickets will need KList.exe:  KList purge
4. Launch Internet Explorer and go to the web site.
5. Once the website comes up or error messages are being displayed, go ahead and stop the network capture.

[참고 자료]
Kerberos Authentication problems – Service Principal Name (SPN) issues - Part 1
http://blogs.technet.com/b/askds/archive/2008/05/29/kerberos-authentication-problems-service-principal-name-spn-issues-part-1.aspx