Over 1 million tech questions and answers.

Smartcard or constrained Kerberos to ATACenter

Q: Smartcard or constrained Kerberos to ATACenter

I have the GA installed and working, and would like to add a few more ATA administrators.
Problem is they don't have passwords, just smartcards. Can I set up the ATA Console for Windows authentication, Smartcard auth or Kerberos Constrained instead of the (albeit very pretty) username/password only configuration that's default?

Read other answers
Preferred Solution: Smartcard or constrained Kerberos to ATACenter

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)



Source code for Kerberos Protocol Transition and Constrained Delegation whitepaper sample scenarios

System Requirements
Supported Operating Systems: Windows Server 2003

All editions of Windows Server 2003 for code samples on Microsoft IIS servers;
All editions of Windows Server 2003, Windows 2000 professsional and all editions of Windows 2000 Server for code samples on Microsoft SQL server;
All but Web edition of Windows Server 2003 for running Active Directory




A:Kerberos Protocol Transition and Constrained Delegation Whitepaper Samples: Feb 20

Originally posted by eddie5659:
Source code for Kerberos Protocol Transition and Constrained Delegation whitepaper sample scenarios
Click to expand...

Whachutalkinbout Willis?

Read other 2 answers

I have a Windows 7 Home system that is connected by IKEv2 VPN to another network served by strongSwan.  The VPN also uses the smartcard to authenticate.  So I do have the server's root CA in my local machine's trusted root CA store, and it is capable
of using the card in general.  Once connected, the kinit that comes with Oracle Java can also be used to get a ticket for my username.  So time sync must be good.
The problem comes with Remote Desktop.  Attempting to connect to an inside system with RD using the smartcard causes the message "The Kerberos protocol encountered an error while attempting to utilize the smartcard subsystem."
Tracing the packets seen by Windows Server 2016, I see that the client sends an as-req to the KDC, and it is asking for the correct principal name, but the request contains no preauth information (ie the certificate).  The server correctly responds
with "preauth required" and includes PKINIT as an auth choice.  No further communication with the KDC is attempted.
Attempts to make this work have included using ksetup on the client system to define the default realm and set a KDC.
What is needed to make the client send a properly formed ticket request?

Read other answers


We've installed ATA in our demo environemnt more than a year ago.
When I verified the config, I noticed that the ATAcenter and ATACOnsole certificate are expired.

Because of this, none of the ATA services can start, and I'm not able to renew the certs from the ATA console.

Is there a way to manually update the certificate, without the need to use the console?

Read other answers

See below Mongo db error log.  Could this be related?

2018-12-05 22:59:22.5294 4872 1234 Error [CommandWireProtocol`1] MongoDB.Driver.MongoCommandException: Command collStats failed: Collection [ATA.ServiceInstalledEvent_20180608051637] not found..
   at MongoDB.Driver.Core.WireProtocol.CommandWireProtocol`1.ProcessReply(ConnectionId connectionId, ReplyMessage`1 reply)
   at async MongoDB.Driver.Core.WireProtocol.CommandWireProtocol`1.ExecuteAsync[](?)
   at async MongoDB.Driver.Core.Servers.Server.ServerChannel.ExecuteProtocolAsync[](?)
   at async MongoDB.Driver.Core.Operations.CommandOperationBase`1.ExecuteProtocolAsync[](?)
   at async MongoDB.Driver.Core.Operations.ReadCommandOperation`1.ExecuteAsync[](?)
   at async MongoDB.Driver.OperationExecutor.ExecuteReadOperationAsync[](?)
   at async MongoDB.Driver.MongoDatabaseImpl.ExecuteReadOperationAsync[](?)
   at async Microsoft.Tri.Center.Database.MongoDatabaseExtension.RunAsync(?)
   at async Microsoft.Tri.Center.Database.CappedCollection`1.UpdateCurrentCollectionEntityCountAsync[](?)
   at async Microsoft.Tri.Infrastructure.Extensions.TaskExtension.<>c__DisplayClass33_0.<RunPeriodic>b__0(?)

Read other answers

Please help

I am trying to install OneBridge client onto my mobile phone & when i start to install i get the above error...... I have run a search on this error & cannot find any relevant info.

As always any help would be greatly appreciated x


Read other answers

HI, Iam getting a blue screen then reboot after physical memory dump. This happens whenever I watch a .avi file or if I'm watching a streaming site like youtube, it even happened when i was on a myspace page yesterday. It plays the video but when ever i close the media player or website down I get the Blue Screen.

The Blue screen says Bad Pool Header and the main number at the bottom is 0x00000019 (0x00000021 0xD18BE000 0x00070808 0xFFFE0176)

In the event viewer under errors it says "Unable to initialize the security package kerberos for server side authentication. the data field contains the error number " It is an httpevent and has an ID of 15016.

There are also some updats that I cannot install, KB951698. not sure if this has anything to do with the kerberos thing.

I just installed vista 3 days ago from a dell upgrade dvd and put SP1 in yesterday. I have no idea what to do. There was another problem with sonic before but I found a patch for that, that problem gave me the same blue screen (I think, both had 0x00000019 though unsure if the drvmcdb.sys problem had same bracketed numbers).

Here the log from the debugger WINDBG

BugCheck 19, {21, 8608b000, 70808, ffff}
*** WARNING: Unable to verify timestamp for sthda.sys
*** ERROR: Module load completed but symbols could not be loaded for sthda.sys
Probably caused by : sthda.sys ( sthda+148ec )
Followup: MachineOwner
1: kd> !analyze -v
********************************************************... Read more

Read other answers

Hi all,

I am using Windows 2000 Professional. I wish to configure the Kerberos Policy in the system but do not know where to find policy and configure the settings.

Thanks all for ur help.....

A:Kerberos Policy

See if the MS article below helps. Let us know what happens.

Read other 2 answers

Can someone please explain me the basics of the kerberos protocol. I cannot understand anything.

A:kerberos protocol


Read other 1 answers

I had this on my HP which I returned for MCE's and now I see it here on my new Dell XP430 as well.

The ERROR is an HTTP Event 15016 and under General it says "Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number."

And under Details it says:
" Name] Microsoft-Windows-HttpEvent
[ Guid] {7b6bc78c-898b-4170-bbf8-1a469ea43fc5}
[ EventSourceName] HTTP

- EventID 15016
[ Qualifiers] 49152

Version 0

Level 2

Task 0

Opcode 0

Keywords 0x80000000000000

- TimeCreated
[ SystemTime] 2009-04-12T21:13:07.363Z

EventRecordID 24054


- Execution
[ ProcessID] 4
[ ThreadID] 52

Channel System

Computer DellXPS430

- EventData

DeviceObject \Device\Http\ReqQueue

SecurityPackage Kerberos
Binary data:

In Words
0000: 00040000 00300002 00000000 C0003AA8
0008: 00000000 00000000 00000000 00000000
0010: 00000000 00000000 8009030E

In Bytes
0000: 00 00 04 00 02 00 30 00 ......0.
0008: 00 00 00 00 A8 3A 00 C0 ....?:.?
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 0E 03 09 80 ...?
----------------... Read more

A:Anyone else having Kerberos errors?

Kerberos is a computer network authentication protocol, which allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. It is also a suite of free software published by Massachusetts Institute of Technology (MIT) that implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.
Kerberos builds on symmetric key cryptography and requires a trusted third party. Extensions to Kerberos can provide for the use of public-key cryptography during certain phases of authentication.

Read other 11 answers

Hello, I'm really lost .. well : My Professor has asked me to work on a project called KERBEROS, and as you know KERBEROS authentication protocol is a network based on a mechanism for secret keys (symmetric encryption ) and the use of tickets ... My problem is that she asked me to show her how it works on windows server 2003 with ActiveDirectory ! I think its hyper difficult to show it no? even using a sniffler it is difficult or not? Please how can I show her that there is an authentification and an exchange ticket .... I want to know the shortest path and simplest guide in order to have a very great mark thankie .

A:Kerberos I HATE YOUUUU ><

Read other 9 answers


This white paper explains how to troubleshoot delegation issues that can arise in Kerberos authentication scenarios. The paper summarizes required infrastructure and describes Windows authentication scenarios. The central discussion is organized around four troubleshooting checklists: one each for Active Directory, client application, middle tier, and back-end. The appendices detail diagnostic tools and give examples of how to resolve problems in typical IIS to SQL delegation scenarios

System Requirements
Supported Operating Systems: Windows Server 2003

Microsoft Word or Word Viewer




Read other answers

Can i create an application based on kerberos within 10 days using .net technologies?
And it would be very fine if anyone can provide it to me or any kind of links.....
plz its urgent......

A:kerberos application requried

ramveer91 said:

Can i create an application based on kerberos within 10 days using .net technologies?Click to expand...

Depends on your experience and the scope of your project.
ramveer91 said:

And it would be very fine if anyone can provide it to me or any kind of links.....
plz its urgent......Click to expand...

Google google google. For instance, when I google "kerberos .net application" I get a ton of hits, i.e.


Read other 1 answers

I have a java application which uses Kerberos authentication for login. Through IE 10 Kerberos authentication is successful only if the user has local admin privilege and the IE 10 should be run as administrator. Anyone in forums can help me to resolve this issue as we cannot give a domain user local admin privilege.

Read other answers

We have loaded the DOD AGM image on a laptop.  IT is joined to the domain and configured using the local administrator log in.
THEN we attempt to log in with the required DOD CAC and we get:
The Kerberos protocol encountered an error while validating the KDC certificate during logon through smart card

The event log shows Event ID 9

"The client has failed to validate the Domain Controller certificate for X.army.mil. 
The following error was returned from the certificate validation process: 
A certificate chain could not be built to a trusted root authority."

we do not control the Domain Controller..That is controlled by another DOD group. (just and FYI)

Event ID 9

A:Windows 7 CAC and Kerberos error


The issue may be more related to the third party programs. Please understand that Microsoft has the limited resources about the third party programs. You may contact to their support team directly.Kim Zhou

TechNet Community Support

Read other 4 answers

Hi all,
I really does not know what is happening. We have 1 secure vlan default blocked all port IN/OUT. We had setup on the firewall to opened ports which are required allow the Windows 7 Enterprise able to work. The system is in a domain west.ads.cc.com example.
We have 3 issue came up for all systems located in this secure vlan as describe below:

IT systems in a different vlan cannot offer Remote Assistant. There is no issue with IT systems machines since they still can Remote Assistant to other vlan fine.
Users in this secure vlan cannot access to a shared drive from a different domain but still in the same forest level. Example our forest is ads.cc.com, the the different domain is east.ads.cc.com. There is no issue with the shared drive in east.ads.cc.com
since other user in different vlan located in domain west.ads.cc.com still able to access without any issue.Users in this secure vlan cannot connect to 1 SQL Server in west.ads.cc.com if using Windows Authentication. They still able to connect to this SQL Server if using SQL Authentication ID since we opened port 1433 as designed. We used procmon tool to analyze
found out there are totally 13 send/receive packets need to be communicate allow a full transaction established successful. But when we using Windows Authentication, the first 7 packets has been communicated and was drop after about 10 seconds at the 7th send
packets. This look like due to time out. We got the error related to SSPI handshake failed.... Read more

Read other answers

Didn't know what forum to place this in. Having issues with Kerberos Errors and my SCCM server. I have another issue, but I think this is related. I get the following event in my PC.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server aas-vm-sccm$. The target name used was HTTP/aas-vm-sccm.aas.global.amphenol-sensors.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (AAS.GLOBAL.AMPHENOL-SENSORS.COM) is different from the client domain (AAS.GLOBAL.AMPHENOL-SENSORS.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
Now when I run the setspn -Q http/tnwd07190.aas.global.amphenol-sensors.com I get
Checking domain DC=aas,DC=global,DC=amphenol-sensors,DC=com
CN=AAS-SvcAdmin,OU=Svc&Floor Accounts,OU=Users,OU=Taunto... Read more

Read other answers

Wow, have I been bashing my head on a brick wall with this problem. Been lurking here for a while, great site.

In a nutshell, my search field on the Win7 Start menu returns no results. If I click "see more results" it returns "Windows cannot find 'search:query=search string'. Note that this is not the 'Showing only category headers' problem. Search returns a big, white box with "No items match your search" and "See more results" no matter what you type.

Win+F simply does nothing (I've only just noticed this).

Constrained search in Explorer works fine (!).

I've tried:
The built in search troubleshooter - no problems detected. The MS downloaded troubleshooter - no problems detected. Deleting a bunch of registry keys and restarting the service (detailed here), service starts up fine, start search still non-functional. I've been mucking around, rebuilding indexes, trawling the web for anything, but alas, any offered solutions I have come across do not make any difference.

I'm not entirely sure how this happened - SP1 maybe? A reg cleaner? One of the two possibly.

I'm at a complete loss. I've just tried to do a reinstall following the guide that's around here somewhere. I've a 30gig SSD primary boot drive. Windows wants 15gig free to reinstall. Not going to happen considering the Windows directory is 10gig. I'd rather not clean reinstall for such a 'minor' problem, but I really miss that neat feature.

Any help provided greatly appreciated... Read more

A:No Start Search, no Win+F, but Constrained Search works?

hi and hello

Perform a SFC Scan (System File Check)

1. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow

2. Type the following command, sfc /scannow and then press ENTER:

(A message will appear stating that 'The system scan will begin'. Be patient because the scan may take some time)

3. If any files require a replace SFC will replace them. You may be asked to insert your Windows 7 DVD for this process to continue

4. If everything is okay you should, after the scan, see the following message "Windows resource protection did not find any integrity violations"

5. After the scan has completed, close the command prompt window, restart the computer. (TIP repeat scan 3 times)
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7 >>> How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7

How to Check / Repair the Windows System Files from a Command Prompt at Boot >>> SFC /SCANNOW : Run in Command Prompt at Boot

Read other 9 answers


I have a Windows 7 Home Premium x64 installation (i.e. one that does not attach to a domain) that needs to talk to a Samba share in a Kerberized (not AD) environment.

I have setup "Kerberos for Windows 4.0.1" and "Network Identity Manager" and they are successfully able to obtain a Kerberos ticket from the KDC used by the Samba share.

How do I now get Windows Explorer to use that ticket when accessing the share?


A:How do I integrate Kerberos with Windows Explorer?

After consulting with some network admin friends, the only way we see that working properly is to upgrade to win 7 pro and adding the system to the domain. LDAP/Kerberos is a tricky beast

Read other 2 answers

We have a situation where users are getting locked out after 2 logon attempts with bad passwords. Our policy is three bad passwords produces a lockout, but we've confirmed that it locks after only 2. In troubleshooting this, we found that every time a
user send logon credentials, two kerberos tickets are generated. To AD, after the second attempt, four "bad" tickets have been sent. How in the world do we begin tracing this down?

A:Kerberos Ticket Generated at Logon Sent Twice

I am reviving an old thread strictly for the sake of posting our fix. This happened again on a single machine in our environment and I remembered that I posted something here. I failed to return to relate the solution.
Turns out that a year or two before I started at my current job, a Group Policy Preference was created to force a particular encryption type (RC4-HMAC) to allow machines to connect to our Windows 2003 Server DCs. The GPP maintained a setting in the registry:
HKLM\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters.  The value is called
DefaultEncryptionType and was set to 17 (hex). Removing the value corrected the issue for us.

Read other 5 answers

Hi, I am testing Windows 7 OS in our domain and found that Kerberos authentication to UNIX domain from Windows 7 is not working. It is prompting for a password everytime I connect to a unix host and not going throuh pass-through authentication. This works perfectly fine on Windows XP OS in our environment.

Is there any setting that needs to be done to make this working from Windows 7 client?


A:Kerberos Authentication to UNIX from Windows 7 OS

Hi there could you try disabling User Account Control in Windows 7?
Control Panel\User Accounts and Family Safety\User Accounts\Change User Account Control Settings. Bring it all the way to the bottom.

Read other 2 answers

I've got a fairly new 2003 Active Directory and recently I have had two independent reports of users not being able to get into a file server that they were able to one week before. After a log off and log on they have been ok.

I believe this is due to the fact the users haven't logged off in a week and their Kerberos credentials expired. So I've checked domain policy and it seems that the policies are as follows:

Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
The last one was of interest here so I just changed it to 60 days.

Maximum lifetime for user ticket renewal 60 days
I would like to ask what people's opinion's are on this, especially if there are any other veteran mcses out there, regarding the security implications of this change.

Read other answers


I meet a strange problem with IE to access from the web a public URL with Kerberos SSO enabled for LAN acces (of course, SSO can't work for external access).
A single URL is wanted for internal (LAN) and external(web) access.

# Client:
O/S: Windows 7
Browsers: IE11 + Firefox 44

# Server
O/S: Windows Server 2012 R2
Web server: Tomcat 7

# Authentication
Windows AD : 2012
Kerberos + SSO

# URL to access web portal with HTTPS/TLSv1.2: 2 existing FQDN
Public FQDN: xyz.corp.fr (reachable from web)
Internal FQDN: a-b-xyz.corp.fr and a-b-xyz.corp.local (reachable from LAN)


Notebooks have to access web portal from LAN or web (roaming users).
For both LAN and web access, only one public URL is wanted to access web portal: https://xyz.corp.fr .


From LAN, to get SSO with IE11, I just have to add https://xyz.corp.fr in "Local intranet" securitiy zone.
But if the notebook is connected from the web, the URL https://xyz.corp.fr does not work ("This page can't be displayed") !

To solve this problem, I have to move https://xyz.corp.fr to "Trusted sites" security zone of IE or at least delete the URL from "Local Intranet" zone.
Then, if the notebook have to connect from LAN, SSO does not work anymore since https://xyz.corp.fr is no more in "Local Intranet" security zone.

NB: - no problem with Firefox 44 that does not use "security zones" concept
- problem got on 4 different PC under W7
- no problem... Read more

Read other answers

Our PCs doesn't have TPM header. And many users don't like to plug/unplug USB flashdrive in every morning and evening.

Can we use contactless such as NFC smartcard to unlock BitLocker? On boot time, the mainboard can read the NFC smartcard?

Read other answers

Is it possible and if yes how to logon in windows 10 (home version 64-bits) with a smartcard?
Open Source software?
Microsoft build-in?
I already installed the drivers for the smartcard reader and the middleware.
I have a Belgian Eid card and I can connect to sites which need a smartcard so that is ok.
thanks in advance, gabri?l

Read other answers

Hey, im trying to enable smartcard login/bitlocker for my win7 (7100)
all i get is this error

A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certificate

A:smartcard login

A commen reason for this, is that the "Certificate Propagation" service is set to manual by default.
Check if both of the following services are running; "Smart Card" and "Certificate Propagation". Both have to be started, so unless you use your SmartCard very rarely, I'd recommend you set them to "automatic".

This should give you a message that the driver was installed. That's for the minidriver which should get you back up and running.

Please note, that I've seen instances where the driver (the minidriver) wasn't able to be automatcially installed even though the Certificat Propagation service was started. If so, just go to Windows Update (after you've started that service) and it shoudl appear as an optional download to install.

Microsoft Developer Division

Read other 9 answers

Hello all, My T470p has a SmartCard reader and I was wondering whether it's possible to use it to read EVM cards (Debit cards, credit cards, etc) with software to process billing and payments? It's very difficult to find information on this online. If so, which software allows me to do this? Many thanks

Read other answers

in our company we have laptops Dell Latitude E5570, OS Windows 10.
Many users report that they have problem with smart card reader - problem is that thay can't sign in with smart card because Windows doesn't recognise SmartCard. 
Hardware ID: USB\VID_0A5CPID_5832&REV_0101&MI_01
Problem is that device suddenly is not installed anymore. After restart everything works normally. We wanted to install newer driver for that model so we downlaoded and installed latest driver from Dell site - Dell ControlVault2 Driver and Firmware.
We noticed that offical driver for this model install old driver from 2006 - Microsoft Usbccid Smartcard Reader (WUDF) and we think this could be cousing the problem.
Do you have any expirience with such a problem? Can you give me link for newer driver? Maybe original Broadcom driver, not Microsoft..
Hardware ID: USB\VID_0A5CPID_5832&REV_0101&MI_01

Thanks in advance!


Read other answers

Is it possible and if yes how to logon in windows 10 (home version 64-bits) with a smartcard?
Open Source software?
Microsoft build-in?
I already installed the drivers for the smartcard reader and the middleware.
I have a Belgian Eid card and I can connect to sites which need a smartcard so that is ok.
thanks in advance, gabri?l

Read other answers

Is there anyone out there who has experience of smart card readers and their installation under win 95. You will probably tell me don't bother. I am getting to that stage.

I have some win95 PC's with another users legacy software (requiring 95) but I have a newer application that will run on 95 but requires the installation of a USB Omnikey Cardman 5121. I have a driver, i have installed the 95 USB patch but I get a yellow exclamation in Device Manager (code 2). It's driving me nuts. I have tried a couple of different drivers from the Omnikey website.

I am close to upgrading to 98 as I know the reader will work on this. What I don't know is if the legacy app will.

Read other answers

We have recently changed our SharePoint on-premise authentication method from NTLM only to Kerberos/NTLM. Since then when we try to login from Internet (no kerberos) IE causes trouble getting a 401 (Unauthorized) due to the fact that it does not fall back
to NTLM, but wants to use Kerberos instead. This behaviour only applies to IE and Edge, other browsers like Chrome or Firefox due proper NTLM. The Response Header I see in IE is correct (WWW-Authenticate: Negotiate, NTLM), though. Just that both IE or Edge
always only try kerberos which fails fro outside our corporate network or VPN. It doesn't look to me like it owuld be a Firewall or IIS Server issues, since other browsers (non-Microsoft) do properly work with NTLM within the same scenario. BTW, there is a
similar situation with Dynamics CRM on-premise, I am not an expert here, but with this when trying to browse the internal URL from WAN (which might not be the right approach, but firewall-wise it is allowed), we get the same issue with IE/Edge. Using internet-faced
deployment URL for CRM via ADFS, this works with IE/Edge too from outside corporate network. This seems to be the same cause, these browsers to not fall back to NTLM if Kerberos isn't available.
After I got my Kerberos Ticket once, until it expires or I purge it, I can work with these browser from outside LAN too.
IE security Settings is set to Enable Integrated Windows Authenticaton and servers in charge are members of Local Intranet Security zone
... Read more

Read other answers

Has anyone used or is it technically possible to use ATA to look at Kerberos interactions with domain controllers ahead of a forest functional upgrade from 2003?
Our AD has been in-place since around ~2004, although the DC are now running Windows 2008 R2 the FFL for Forest and Domain is 2003. We want to upgrade but are aware that upgrade from 2003 resets the krbtgt password and shifts from HMAC-RC4 to AES-256.
Whilst Windows clients should deal with this, non-Windows servers and apps will need to be tested and a plan put together. The first issue is identifying non-Windows clients that are using Kerberos, aggregating and reporting. Whilst trawling for Kerberos activity
it makes sense to also look at who is still using NTLM as well as LDAP.
I'm aware that this isn't really the purpose of ATA but based on the information it captures is the requirement outlined above something that ATA could be used to fulfil?
Paul Bendall

Read other answers

We had an alert on Win SERVER for Kerberos golden ticket activity, which says ticket usage was over a period of 13 hours which exceeded allowed maximum of 10 hours.
Need help to evaluate this alert.

Checked with AD team they confirmed no change in Group Policy has been made.
Now next where else we need to check for investigation for this alert.

Read other answers

Hello everyone, after looking for ages to fix this trouble I finally end up seeking for help on this forum!

First of all, excuse my poor english!

So, I just bought a brand new Acer Aspire 6920G notebook...pretty happy with it so far, a very good machine...The thing is : I'm having a pretty anoying problem, and this as been occuring since the very first day...Once in a while, my firefox freezes and I can't even shut it down or just reboot the laptop, I have to do it manualy which is very annoying and not quite good for the hardware I guess...

I checked on the event viewer and end up knowing that the only single error occuring is this one :

HttpEvent ID 15016 "unable
to initialize the security package kerberos for server side authentication.
the error continues in Event viewer.

That's the only error showing up there (beside the manual reboot) SO ... I have been trying to fix this and can't find a solution,, I would be grateful to anyone who could help me...thanks in advance!

Here's my HijackThis log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:42, on 2008-09-28
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC... Read more

A:Trouble with error 15016 (Kerberos) Win Vista!!

Error just happen again with Google Chrome, so firefox isn't the problem...help me please!

Read other 2 answers

This is the only major showstopper for me in using Seven 95%

ActivIdentity USB Reader V2
ActiveClient 6.1

Both work fine in Vista 64 on the same box in dual boot.

In Vista the driver used is the generic MS usbccid.sys driver version 6.0.6001.18000 dated 6/1/2006

In Seven there are 4 MS drivers all version 6.1.7000.0 dated 6/21/2006:
- scfilter.sys
- WUDFUsbccidDriver.dll
- winusb.sys
- WUDFRd.sys

In Device Manager status I get the "This device Cannot Start. (code 10)" message.

If I uninstall the device and plug it back in I can see that Windows sees an ActivCard USB reader V2 (shows up in "Other Devices" while drivers are trying to install) but the install fails for the Microsoft Usbccid smartcard Reader (WUDF). I have tried the latest drivers to no avail.

Any help would be appreciated.

A:Smartcard reader issues

The new Microsoft Smartcard class driver (WudfUsbccid.dll) supports both CCID and ICCD Smartcard devices. Because of this, it does a sanity check on the device type reported by the hardware. Unfortunately, the ActivCard reader is really a CCID reader but its firmware is reporting itself as an ICCD device. Because of this, the driver failed to start. This is a known issue to Microsoft and it is being addressed. In the mean time, you may want to download the driver from the ActivCard web site instead of using the Microsoft in-box class driver.


Read other 9 answers

I need a smartcard reader KB, and the only one I see is:http://accessories.dell.com/sna/productdetail.aspx?c=us&l=en&s=dhs&cs=19&sku=332-1571
But my system (XPS8700) does not appear on the list of compatibility for that product.  Does that mean it would not work with my system?

Read other answers

I am having to enter my pin literally upwards of a hundred times per day.  I have counted, one website caused me to enter PIN 11 times to open the first page, click a link, do it all again.  Is there a PIN caching option that can be turned on?

Read other answers


We're implementing Eid smartcard logons in our environment.

* we export the user cert from the Eid card + root/intermediate certs, and install them on the domain controllers, and the local pc.
> add Eid cert to user via user mapping in AD

* When you open the cert from the personal store, the certificate chain is correct.

When trying to logon with eid, we get an error stating that a "certificate cannot be found" on the card.
We can however open the cert with the eid software, and it's shown correctly.

CertUtil -SCInfo shows (short version :-) )

Exclude leaf cert:
Full chain:
Missing Issuer: SERIALNUMBER=202201, CN=Citizen CA, C=BE
  Issuer: SERIALNUMBER=202201, CN=Citizen CA, C=BE
  NotBefore: 28/01/2012 5:05
  NotAfter: 26/01/2017 1:59
  Subject: SERIALNUMBER=65092738539, G=Bugs, SN=Bunny, CN=Bugs Bunny (
Authentication), C=BE
  Serial: 1000000000000299f00d6e1dac7321ec
A certificate chain could not be built to a trusted root authority. 0x800b010a (
-2146762486 CERT_E_CHAINING)

Read other answers

I got myself a Yoga 370 with SmartCard reader and it is okay, but I would like to go higher in terms of processing power and RAM.So my requirements are:* SmartCard reader* 8th gen CPU* RAM up to  32GB, minimum 16GB* Yoga + touch + stylus* 2x USB-C, TB not required since there are no working docks anyway.* Backlit keyboard* Screen size 12-14" The main issue with selecting a laptop is the fact that there is a huge range of models, and each model has a very wide range of configurations, some include SmartCard and some don't, some have soldered-on RAM and some have a slot, like in case of 370. And I can't find a list of possible configurations... I have looked in to L380 yoga and it is almost perfect, but no SmartCard for some reason...Would really appreciate your help with this.

Read other answers

What can one tune in with a satellite dish and a reciever - sans the DTV or the DISHNETWORK smartcards???

Can the smartcards be re-programmed with the appropriate software?

BBC and NPR are good free downlinks, but they're not makin' cabin fever go away...

Any ideas?


A:smartcard reader software?

I'm going to give you the benefit of the doubt and think that you're not asking how to steal premium satellite programming, because you must know that's against the rules here.

My idea would be to pony up the bucks for the premium channels.

Read other 2 answers

Hello,this is about the Elitebook 2170p I now own (barebones ebay, bought the tray and battery seperate but with a samsung 850 pro I had laying around this thing is quite zippy  the integrated smartcard reader has a driver, but I dunno which smartcards are supported nor can I find instructions how to write to a card in order to lock my laptop to the card.  There seems to be no application to download in windows 10 and I dunno if there is one in windows 7 because I just installed windows 10, albeit with dual boot so if it's 7/bios only that would be cool. I saw some blank smart cards on ebay but I dunno if they are compatible, and then there is still the issue of the missing application to customize the smart card to ensure that my laptop can recognize it and it only.the elitebook 2170p has an alcor smart card reader.need some infoterramir 

Read other answers

T530-2394-3J8 new to me. Moved 250GB SSD from old V570 to this one and added a few drivers. Boot BIOS/MBR(legacy). Win 10 Pro 1803 and win7 Pro. Both 64bit. 1. Has a SmartCard Reader with what looks like 5 fingers/brushes way in for a card. Where do I get a card (ebay seems a zoo) and how would I set it up. I am assuming I get a card, stick it in, set up some info on it, and use it for something like logging in. I think I need an ISO 7816 card but I only see 2 varieties - SLE 4442 with 3 wide contacts, and 4428 with 4 wide. 2. security... I run win10 90% of the time except when I am playing old games like NWN on win7. Simple system - just Chrome browser and Thunderbird is about all I do, and don't browse where I shouldn't. Also have cybereason ransomfree running but use win10's AV. I clicked a link in security and got a browser page saying: Device protection in Windows Defender Security Center
Applies to: SecurityWindows 10Windows Defender for Windows 10

Windows Defender Security Center provides the following built-in security options to help protect your device from attacks by malicious software.

Core isolation
Core isolation provides added protection against malware and other attacks by isolating computer processes from your operating system and device. Select the Core isolation details link to change settings for core isolation features.

Memory integrity
Memory integrity is a feature of core isolation. By turning the Memory integrity setting to On, ... Read more

Read other answers

Hello everyone,

I'm searching for a tool that can make a usb flashdrive transform into a smartcard. I'm a simple student that wants to know more about smartcards and experiment with it.
Is there a tool that can do this? I prefer a free tool. Google didn't give me much results so I'm hoping this forum can help me out with this.

A:Convert a simple usb to a smartcard

Have a look at this:


How to Create a Virtual Smartcard With SafeHouse

A Guy

Read other 2 answers

Up till the last patch tuesday I had successfully disabled the "Insert Smartcard" login option on my win7 x64 laptop. Its been running like this for over a year. After the last set of updates it returned to my login screen.

I've tried editing the regisrty and disabling the smartcard provider. Yet it still remains a login option.

I've disbaled the smartcard in the group policies as a logon option. Yet it still remains.

I've disabled the smartcard service and while this fixes it in the current session when the machine is reboot the service is reset to automatic (after I set it to manual).

There seems to be no manner in which I can get rid of the opton.

Any suggestions please.

A:How to disable SmartCard login

Is this a company laptop or your own?

Read other 3 answers

Attempting to install an SCM SmartCard reader on a Win2k machine. Everything installs fine but when I insert my card I'm getting a "The specified smart card name is not recognized" error. My partner has the same error using her card. My bosses card reads fine. My card is not readable on his 2k desktop but does read on his XP notebook (XP recognizes and installs the reader, 2k needs installation). Installed latest driver with no luck. Our smartcard support team is baffled so I'm reaching out. Anyone have experience with this?

Platform: Win2k
Reader: SCM model SCR301, USB, driver version 2.10.01
Software: ActivCard Gold for CAC 2.2
SmartCard: Oberthur

Read other answers

i received the following alert many and many times on 2 of my exchange CAS Servers and don't know
whether it's a real attack or a false positive , as i check my security and scanned servers and didn't found anything
Suspicious account enumeration activity using Kerberos protocol, originating from   ( EXCAS01
, was detected. The attacker performed a total of 188
guess attempts for account names, 11
guess attempts matched existing account names in Active Directory.
Kindly advice !!

Read other answers