RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...

• From: "Steve Moffat" <steve@xxxxxxxxxx>
• To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 22 Oct 2004 11:46:23 -0300

Indeed it is....that's in your internal subnet range, going with what's
below 

-----Original Message-----
From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx] 
Sent: Friday, October 22, 2004 11:35 AM
To: ISA Mailing List
Subject: [isalist] RE: The kerberos subsystem encountered a PAC
verification failure...ISA2K & W2k3...

http://www.ISAserver.org

Correct. The site's accesible externally and internally nwo that I've
added it to my host file. My settings are listed as follows:
Back to Split-DNS
Internal IP: 192.168.1.8
External IP: 192.168.1.2
Router IP: 192.168.1.1
LAT: 192.168.1.0 - 192.168.1.255
Web Listener Config: 
   IP: 192.168.1.2
   TCP Port: 80
   SSL port: 443
   Enable SSL Listeners box checked
Web Listener Properties Sheet: 
   Server: ISA server
   IP Address: 192.168.1.2 - Maybe this is the problem????
   Use a server certificate to authenticate to web clients - box
unchecked
   Authentication: Basic with this domain - box unchecked
   Integrated box checked

thnks

On Fri, 22 Oct 2004 05:09:49 -0500, Thomas W Shinder
<tshinder@xxxxxxxxxxx> wrote:
> http://www.ISAserver.org
> 
> Hi Marvin,
> 
> I thought the other day we demonstrated that your site actually did 
> work. We were presented with a certificate and a log on dialog box.
> Can't say what would have happened after that, though.
> 
> What is the:
> 
> EXACT IP address information on each of the ISA firewall's interfaces 
> EXACT IP address information on each of the interfaces on the device 
> in front of the ISA firewall EXACT configuration of the Web Publishing

> Rule
> 
> Thanks!
> 
> Tom
> www.isaserver.org/shinder
> Tom and Deb Shinder's Configuring ISA Server 2004
> http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
> 
> 
> 
> -----Original Message-----
> From: Marvin Cummings [mailto:MarvinC@xxxxxxxxx]
> Sent: Friday, October 22, 2004 3:35 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] The kerberos subsystem encountered a PAC 
> verification failure...ISA2K & W2k3...
> 
> http://www.ISAserver.org
> 
> Anyone come across the following errors in their event log:
> 
> Event ID: 5719
> This computer was not able to set up a secure session with a domain 
> controller in domain mydomain due to the following:
> There are currently no logon servers available to service the logon 
> request.
> This may lead to authentication problems. Make sure that this computer

> is connected to the network. If the problem persists, please contact 
> your domain administrator.
> 
> ADDITIONAL INFO
> If this computer is a domain controller for the specified domain, it 
> sets up the secure session to the primary domain controller emulator 
> in the specified domain. Otherwise, this computer sets up the secure 
> session to any domain controller in the specified domain.
> 
> Event ID: 7
> The kerberos subsystem encountered a PAC verification failure.  This 
> indicates that the PAC from the client nuisasrvr$ in realm 
> my.domain.com had a PAC which failed to verify or was modified.
> Contact your system administrator.
> 
> This ISA server computer isn't a domain controller and I can access 
> the domain controller fine. The ISA server passes a netdiag fine so 
> I'm kinda lost on where to check next.
> 
> Any responses are appreciated.
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows 
> Security Resource Site: http://www.windowsecurity.com/ Network 
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> 
> 
> To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com Leading 
> Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org Windows 
> Security Resource Site: http://www.windowsecurity.com/ Network 
> Security Library: http://www.secinf.net/ Windows 2000/NT Fax 
> Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:

> marvinc@xxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org Windows
Security Resource Site: http://www.windowsecurity.com/ Network Security
Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

This E-Mail is confidential. It is not intended to be read, copied, disclosed 
or used by any person other than the recipient named above.

Unauthorised use, disclosure, or copying is strictly prohibited and may be 
unlawful. Optimum IT Solutions Ltd disclaims any liability for any action taken 
in connection of this E-Mail. The comments or statements expressed in this 
E-Mail are not necessarily those of Optimum IT Solutions Ltd or its 
subsidiaries or affiliates.

administrator@xxxxxxxxxx 

Other related posts:

• » The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...
• » RE: The kerberos subsystem encountered a PAC verification failure...ISA2K & W2k3...

1. Home
2. isalist
3. Archive
4. 10-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---