Active Directory User Account -- krbtgt

Status
Not open for further replies.

Rosee

IS-IT--Management
Dec 12, 2001
187
US
We have just upgraded to Windows 2000 Server from NT.

In Active Directory, there is a user account named "krbtgt" with the description "key distribution center service account". What is this? What is this account used for? I don't have anyone using this one as a userID. Can I disable it or delete it?

If you know anything about it, please share with me. Thanks a lot.
 
The Windows 2000 Server uses the KRBTGT account as part of Kerberos authentication.

This account is disabled on Domain Controllers by default.

Unlike other user accounts, the krbtgt account cannot be used to log on to the domain and, in fact, cannot be enabled.

check out:



Hope this helps,
kev
 
Rosee,

a little more info...


"The security principal name used by the KDC in all Windows 2000 domains is krbtgt, as specified by RFC 1510. An account for this security principal is created automatically when a new Windows 2000 domain is created. The account cannot be deleted, nor can the account name be changed. A password is assigned to the KDC's account automatically; this password, like the passwords assigned to domain trust accounts, is changed on a regular schedule. The password for the KDC's account is used to derive a secret key for encrypting and decrypting the TGTs that the KDC issues".


Patty [ponytails2]
 
Thanks all.

But the following was the message that I got from Event Viewer Security Log this morning:

Service Ticket Request Failed:
User Name:
User Domain:
Service Name: krbtgt/CMHHS.ORG
Ticket Options: 0x2
Failure Code: 0x20
Client Address: 127.0.0.1

It happened at 1:30 AM last night with a failed logon. What is this message trying to tell me? If this one is disabled by default, why did it try to log on during the night?
 
I have received similar messages on my network, and while things seem to run normally anyway, I was wondering if this is something I should be concerned about.
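
Added example, not part of any post in this thread: a small Python decoder for the "Service Ticket Request Failed" text quoted above, using the KDCOptions bit positions and error numbers defined in RFC 1510. The function names are made up for this sketch, and the event text is the one from the post.

```python
import re

# KDCOptions flag bits from RFC 1510 (bit 0 is the most significant of 32).
KDC_OPTION_BITS = {1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
                   5: "allow-postdate", 6: "postdated", 8: "renewable",
                   27: "renewable-ok", 28: "enc-tkt-in-skey", 30: "renew",
                   31: "validate"}

# A few RFC 1510 error numbers that can appear as "Failure Code".
KRB_ERRORS = {0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 0x07: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
              0x12: "KDC_ERR_CLIENT_REVOKED", 0x17: "KDC_ERR_KEY_EXPIRED",
              0x18: "KDC_ERR_PREAUTH_FAILED", 0x1F: "KRB_AP_ERR_BAD_INTEGRITY",
              0x20: "KRB_AP_ERR_TKT_EXPIRED", 0x25: "KRB_AP_ERR_SKEW"}

# Event text as quoted in the thread.
SAMPLE_EVENT = """Service Ticket Request Failed:
User Name:
User Domain:
Service Name: krbtgt/CMHHS.ORG
Ticket Options: 0x2
Failure Code: 0x20
Client Address: 127.0.0.1
"""

def parse_event(text):
    """Turn 'Field Name: value' lines into a dict; empty values become ''."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z ]+?):\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def decode_options(value):
    """List the KDCOptions flag names set in a 32-bit Ticket Options value."""
    return [name for bit, name in sorted(KDC_OPTION_BITS.items())
            if value & (1 << (31 - bit))]

def explain(text):
    """Decode the numeric fields of one event into readable names."""
    ev = parse_event(text)
    code = int(ev.get("Failure Code", "0"), 16)
    service = ev.get("Service Name", "")
    return {"service": service,
            "options": decode_options(int(ev.get("Ticket Options", "0"), 16)),
            "error": KRB_ERRORS.get(code, "unlisted error %d" % code),
            # krbtgt/<REALM> names the ticket-granting service, not a user logon.
            "tgt_request": service.lower().startswith("krbtgt/"),
            "local_client": ev.get("Client Address") == "127.0.0.1"}

if __name__ == "__main__":
    print(explain(SAMPLE_EVENT))
```

For the event in the thread this decodes to the `renew` option and `KRB_AP_ERR_TKT_EXPIRED`: a request, made from the domain controller itself, to renew a ticket-granting ticket that the KDC rejected because the ticket had already expired.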
 