Friday Mail Sack: Ride ‘Em Cowboy Edition

Howdy partners, Ned here. This week we talk event logs, auditing, NTLM “fallback”, file server monitoring, and SCOM 2007 management pack dissection. It was a fairly quiet week for questions since everyone is off for vacation at this point, I reckon. That didn’t mean it wasn’t crazy at work – our folks take vacation too,… Read more

Friday Mail Sack: Walking Tall Edition

Hello folks, Ned here again. After a week in Las Colinas Texas, the blog migration, and Jonathan’s attempted coup, we are still standing. Since I’m sure your whole day has been designed around this post I won’t keep you waiting. RODC WAN down behavior DFSR and the PDCE RPC encryption in DFSR Windows 7 and… Read more

Friday Mail Sack – Mogwai Edition

Hi folks, Ned here again. This week we hunt down some documentation gremlins and give them a well-deserved smack. Also, things will be a bit slow next week as I will be out in Redmond teaching this rotation of Microsoft Certified Masters. Never heard of it? If you’re at the IT career tipping point, this… Read more

CRM and Kerberos

Ned here again. Are you using MS Dynamics CRM? Be sure to check this excellent blog post from our colleagues Jeremy Morlock and Henning Petersen on how CRM uses Service Principal Names and what you need to get it all working: http://blogs.msdn.com/crm/archive/2009/08/06/configuring-service-principal-names.aspx It covers the following scenarios, step by step: Host header added to site… Read more

Internet Explorer behaviors with Kerberos Authentication

Hey Rob here again, I thought that I would share with you some of the things that we see where Internet Explorer Kerberos authentication fails. It is important to understand the default behavior of Internet Explorer and its support for Kerberos authentication so that you don’t start ripping out your hair (can’t speak to what… Read more

Potential for Kerberos Issues When Using a Cisco VPN/ASA with Win2003 or later DC’s

Hey everyone, Rob Greene here back after a long hiatus from blogging. I had an interesting case come through that I thought many of you IT pros would be interested in. Background The customer had an issue with using Cisco VPN and Cisco ASA concentrators and authenticating the user with Kerberos authentication. After they upgraded… Read more

SQL Bulk Insert – Access is Denied

Hey all, Mark from DS again. I have found that numerous cases have been opened where Microsoft customers are upgrading from SQL 2000 to SQL 2005. After the upgrade they were attempting to run a bulk insert statement either in the Enterprise Manager or the Management Studio application and getting an “Access is denied” error… Read more

DelegConfig V2 Released

Hi all, Ned here again. Our compadre Brian Murphy-Booth has released the newest version of the Kerberos Delegation IIS Website that we have discussed previously here and here. You can grab it here: http://blogs.iis.net/brian-murphy-booth/archive/2009/04/22/delegconfig-v2-beta.aspx Brian really hopes you leave comments and questions, be sure to take him up on his offer. He’s good people. 🙂 –… Read more

Addendum: Making the DelegConfig website work on IIS 7

Hi All Rob here again. I thought I would take the time today and expand upon the Kerberos Delegation website blog to show how you can use the web site on IIS 7. Actually, Ned beat me up pretty badly for not showing how to set the site up on IIS 7 [I sure did…. Read more

Negotiate security support provider behavior

Greetings DS blog readers, Todd here. I wanted to talk a little about the Negotiate security support provider (SSP) and how there are times when it will intentionally use NTLM rather than Kerberos. [And if that’s not interesting, keep reading anyway because there is a slick trick in here for network captures – Editor] In… Read more