A blog with focus on Windows 10 and cloud <solutions
RSS icon Email icon Home icon

  • Vista SP1 change causes Kerberos problems

    Posted on October 14th, 2007 By Andreas Stenhall + No comments

    After installing SP1 I can no longer access my network shares which contain my Documents. After contacting Microsoft they have concluded that there actually is a change in the way Windows Vista SP1 handle Kerberos communication. The changes affect only when you use Active Directory to store accounts which is then mapped using altSecurityIdentity to use the password from an external Kerberos server. In my case we are using a Heimdal Kerberos server but the problem might affect users of MIT Kerberos as well. Logging in to the Windows system itself is not a problem, the only problem seems to be when accessing file shares (using CIFS).

    Until the Heimdal Kerberos is patched to solve this problem there is a work around for the problem. On the client computer you have to add a registry key with your domain name and then add a REG_SZ value named “SpnMappings” with the value “.your.domain.com” in the registry key below:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ 
    Kerberos\HostToRealm\YOUR.DOMAIN.COM

    After restarting the computer you can access the network share as expected.