Windows xp kerberos ticket

So, i hope i figured it out. Please try to install kb on your XP Client and try to join the domain. This updated fixed the issue on my XP Machine. I tried the patches.

But no luck for me. My win XP still failed to join to domain. Still having the same error - An Internal error occurred. Unfortunately, this patch doesn't work for me as well. The same error :. Probably it is another patch or combination of some other patches. Office Office Exchange Server. Not an IT pro? Resources for IT Professionals.

Sign in. United States English. Ask a question. Quick access. Search related threads. Remove From My Forums. Asked by:. Archived Forums. Windows Server General. Sign in to vote. Thursday, October 11, PM. What error do you get when you are trying to join Windows XP to domain? We have "an internal error occurred". Do you have the same? This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode.

Is this page helpful? Please rate your experience Yes No. Any additional feedback? Important You must be at least a Domain Admin , or equivalent, to run all the parameters of this command. Submit and view feedback for This product This page. View all page feedback. In this article. Denotes the high part of the user's locally unique identifier LUID , expressed in hexadecimal. If neither —lh nor —li are present, the command defaults to the LUID of the user who is currently signed in.

Denotes the low part of the user's locally unique identifier LUID , expressed in hexadecimal. Default value:. This parameter can be used to influence the HTTP status code in the case of a handshake. If the handshake is successful, OK is sent. This default behavior has therefore been changed as of 5. It is possible to restore the old behavior by setting the parameter sendAccepted to the value true default value: false.

It is only possible to set this parameter using a corresponding entry in the fs-jaas. The KerberosLoginModule is entered in the websso area of the fs-jaas. In addition, the following new area must be added in the same file, at the end of the file:.

The paths and domain names must be adjusted according to the local system. The following parameters must be adjusted:. The path to the Kerberos-Keytab file is given here, which contains the private key, mostly in different encryption methods e. This file must be created first, as described in the following Chapter. A normal user account is first created on the Windows Domain Controller. The password must not expire and the user must not be able to change it.

The password is irrelevant and is overwritten in the next step. The "Use DES encryption for this account" option must not be activated, otherwise Kerberos will not work with RC4 encryption, and this is used, e. A private key to the service principle name is now created on the Windows Domain Controller with RC4 encryption, which is normally the standard method in mixed networks that use Windows XP, Vista, 7, or as well as other operating systems:.

If other crypto-algorithms are to be used to increase security, and these are supported by Kerberos-Realm and the clients, other keytab files can be created, for example, for AES