Anyone else having Kerberos errors?

pdsnickles

Member
I had this on my HP which I returned for MCE's and now I see it here on my new Dell XP430 as well.

The ERROR is an HTTP Event 15016 and under General it says "Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number."

And under Details it says:
" Name] Microsoft-Windows-HttpEvent


[ Guid] {7b6bc78c-898b-4170-bbf8-1a469ea43fc5}


[ EventSourceName] HTTP


- EventID 15016


[ Qualifiers] 49152



Version 0


Level 2


Task 0


Opcode 0


Keywords 0x80000000000000

- TimeCreated


[ SystemTime] 2009-04-12T21:13:07.363Z



EventRecordID 24054


Correlation

- Execution


[ ProcessID] 4


[ ThreadID] 52



Channel System


Computer DellXPS430


Security
- EventData

DeviceObject \Device\Http\ReqQueue

SecurityPackage Kerberos


000004000200300000000000A83A00C00000000000000000000000000000000000000000000000000E030980
Binary data:

In Words
0000: 00040000 00300002 00000000 C0003AA8
0008: 00000000 00000000 00000000 00000000
0010: 00000000 00000000 8009030E

In Bytes
0000: 00 00 04 00 02 00 30 00 ......0.
0008: 00 00 00 00 A8 3A 00 C0 ....¨:.À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 0E 03 09 80 ...€



------------------
Of course I have no idea what any of this means. :huh:


But I see these Kerberos errors appearing several times a day on my new computer. And some research on the net shows that other people are having freezes and other major problems relating to this so I thought I should try to nip this in the bud before my system also has symptoms from these errors.


So when I click on the link at the bottom of my Events description it says this:
"
Source: Microsoft-Windows-HttpEvent Version: 6.0 Symbolic Name: EVENT_HTTP_AUTH_SCHEME_INIT_FAILED Message: Unable to initialize the security package %2 for server side authentication. The data field contains the error number. Resolve

Ignore this error

This event occurred because you are using a Windows Server 2008 or Windows Vista configuration that does not have and does not require a security package for HTTP service authentication. You can safely ignore this error.
Verify

You can safely ignore this error."


But then there are many posts below the link (Event ID 15016 — HTTP Service Authentication) that say things like this:


"

Ignore, maybe, but the system (Vista Home Premium SP1) hang sporaticallly and the GUI is locked. Mouse moves, but all windows cannot be accessed.... The HD light cycled rhythmically to a particular beat, showing it is looking for something, but not getting a response.

So, there is a definite issue here, at least on my system."


And:
"So Microsoft how exactly do I "ignore" this error? My computer keeps rebooting, I can ignore the error message but I cant ignore the fact that my computer just rebooted and I have to start my download over again, or deal with any unsaved work being deleted. I have papers that I need to write for school and if I keep having problems with your operating system I'm going to stop buying Microsoft products. Make me a happy customer..."

Users posted a "fix" there of changing IE settings for Intranet but I tried that and it did not stop the Errors from occuring.

I also read where this seems to have something with getting authentification to access the net and someone thought it may have to do with their McAfee firewall. I am having problems with my AVG Firewall having problems in accessing the net to get its updates automatically - I have to manually make it connect even though I am connected at the time to the net - so I am thinking maybe it's an AVG issue?

Okay. Any ideas here?
 

My Computer

System One

  • Manufacturer/Model
    DELL XPS 430
    CPU
    Intel Core™2 Q8200 Quad-Core (4MB L2 cache,2.33GHz,133
    Motherboard
    7200RPM, SATA 3.0Gb/s, 16MB Cache
    Memory
    6GB Dual Channel DDR3 SDRAM at 1066MHz - 4 DIMMs
    Graphics Card(s)
    ATI Radeon HD3650 256MB Graphics (Integrated)
    Sound Card
    Integrated 7.1 Audio (IDT/Sigmatel 6.10.0.6017)
    Monitor(s) Displays
    Dell -1901FP Flat Panel LCD Color Monitor
    Screen Resolution
    1024 x 768 32 bit
    Hard Drives
    750 gig SATA 7200 C drive
    External Seagate 160gig
    " Western Book 160 gig
    " Hitachi 250 gig
    ALL USB except C drive
    Mouse
    Microsoft Intellimouse Trackball - (best design ever made!)
    Keyboard
    Logitech ITough Multimedia
    Internet Speed
    ATT Yahoo Elite DSL 4797kbps down, 624kbps up

rive0108

Vista Guru
Gold Member
Kerberos is a computer network authentication protocol, which allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. It is also a suite of free software published by Massachusetts Institute of Technology (MIT) that implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.
Kerberos builds on symmetric key cryptography and requires a trusted third party. Extensions to Kerberos can provide for the use of public-key cryptography during certain phases of authentication.
source:http://en.wikipedia.org/wiki/Kerberos_(protocol)
 

My Computer

System One

  • CPU
    T7600G Core2Duo 2.66 Ghz
    Motherboard
    Intel 945PM + ICH7 Chipset
    Memory
    4GB DDR2 PC2-5300 667MHz
    Graphics Card(s)
    Mobility Radeon x1900 256MB
    Sound Card
    Realtek HD
    Monitor(s) Displays
    WUXGA 17"
    Screen Resolution
    1920X1200
    Hard Drives
    640GB 7200RPM SATA/RAID 0 (2x320GB)
    and 320GB 7200RPM External
    Mouse
    Wireless Microsoft 3000
    Internet Speed
    10 mbps/2 mbps
    Other Info
    Optical Drive:
    Panasonic UJ-220 DL BD-RE (Blu-Ray)

H2SO4

A bit of a numpty
Vista Guru
And to add to what rive0108 is saying, Kerberos on Windows is used exclusively in an "Active Directory" (AD) domain setting. Servers which are AD domain controllers (DCs) are also KDCs - Kerberos authenticators. No AD means no KDCs, and hence no Kerberos.

That's why there's a reference to "intranet" in one of those postings you quoted. Kerberos authentication was being used between the browser and intranet web servers, all of which were domain members also.

You can safely ignore this error on your standalone machine. The box on which I type this logs the same event on startup, also because it's not a domain member.
 

My Computer

pdsnickles

Member
Thanks to both above for those answers.

I believe you, KS04 when you say I can safely ignore this error, but I am curious:
Then why are so many people on the MS site re this error (Event ID 15016 — HTTP Service Authentication) claiming to have crashes related to this error, it not happening until they installed SP2, etc. etc.. and some claiming that changing their IE settings fixed it, etc.?

Are they just mistaken? And you are saying this error cannot and will not cause these or other crashes? (I'm just confused about this apparent contradiction of opinions...)
:huh::confused:
 

My Computer

System One

  • Manufacturer/Model
    DELL XPS 430
    CPU
    Intel Core™2 Q8200 Quad-Core (4MB L2 cache,2.33GHz,133
    Motherboard
    7200RPM, SATA 3.0Gb/s, 16MB Cache
    Memory
    6GB Dual Channel DDR3 SDRAM at 1066MHz - 4 DIMMs
    Graphics Card(s)
    ATI Radeon HD3650 256MB Graphics (Integrated)
    Sound Card
    Integrated 7.1 Audio (IDT/Sigmatel 6.10.0.6017)
    Monitor(s) Displays
    Dell -1901FP Flat Panel LCD Color Monitor
    Screen Resolution
    1024 x 768 32 bit
    Hard Drives
    750 gig SATA 7200 C drive
    External Seagate 160gig
    " Western Book 160 gig
    " Hitachi 250 gig
    ALL USB except C drive
    Mouse
    Microsoft Intellimouse Trackball - (best design ever made!)
    Keyboard
    Logitech ITough Multimedia
    Internet Speed
    ATT Yahoo Elite DSL 4797kbps down, 624kbps up

H2SO4

A bit of a numpty
Vista Guru
Yes, I believe that most of those posts are misjudging cause and effect. Like all events, this one gets logged at some very specific point in the code - when a particular check finds the absence of kerberos-related configuration. I'm 193% certain that your machine does not do Kerberos at all, and that the event is benign on the vast majority of machines, especially in the absence of more specific symptoms. However, if the complaint was "I'm having trouble authenticating to an intranet server via kerberos and my machine is a domain member", obviously the error suddenly becomes far more significant.

These "me too!" threads sometimes go off on tangets of their own...

Poster1: "Hey, I get eventID 15016 on startup. Should I worry?"
P2: "Me too. My machine is a bit flakey though. Do you think it's related?"
P3: "Mine's also flakey. I think I saw that event once but it definitely crashes when I run MyFavGame.exe. Help!"
P4: "Mine doesn't crash in that game but it BSODs as soon as that event is logged"
P5: "I also get a BSOD. It says MACHINE_CHECK_EXCEPTION. Should I uninstall MyFavGame?"

So in the end, you've got this absolute mess of symptoms which probably have absolutely nothing to do with each other, but the posters all feed off each other's inherent need to perceive a commonality, or even a conspiracy, and instead of helping each other their posts actually hinder deterministic troubleshooting.

Good on ya for looking at your event logs though :)
 

My Computer

H2SO4

A bit of a numpty
Vista Guru
Check out this dude's post, about half-way down the page:

"My Vist64 business hangs sometimes too. The screens becomes black but the PC is still running.

In the Eventviewer are three Errors on every shutdown.
1. Event 1101 Eventlog ...
2. Event 6008 EventLog ...That the System wasnt correctly shuting down
3. Event 15016 HttpEvent ..Kerveros... --> this is the Error where we here talking about "

So he's got some sort of hang, and mentions a shutdown issue, which immediately makes other people with shutdown problems come out of the woodwork and start paying attention to EventID 15016 because it's obviously the cause. In fact, the only link is the fact that his machine logs the event on shutdown. So does mine, and yet I shut down like a ... uh.. I dunno, something that shuts down well and quick ;)

It's not the poster's fault. They're just in trouble and not particularly adept at troubleshooting. It's a skill that's learned over time.
 

My Computer

pdsnickles

Member
Okay, H2S04, that makes total sense. I was even speculating that might be the case, myself (that people on that thread were just guessing, not really sure, that kerberos was their problem.

Now that I know about Event Viewer, I will check there whenever I have problems. In fact, just for this first month of my new computer I may check daily! :o

Did XP have this Event Viewer log? I'm sure it must have, but I never knew about it! I actually got pretty familiar with how to troubleshoot and fix my own XP but Vista is new and mysterious to me. Guess I have no choice but to learn some of it, though.

Okay, you can consider this thread solved and closed, as far as I'm concerned! Thanks again!


Check out this dude's post, about half-way down the page:

"My Vist64 business hangs sometimes too. The screens becomes black but the PC is still running.

In the Eventviewer are three Errors on every shutdown.
1. Event 1101 Eventlog ...
2. Event 6008 EventLog ...That the System wasnt correctly shuting down
3. Event 15016 HttpEvent ..Kerveros... --> this is the Error where we here talking about "

So he's got some sort of hang, and mentions a shutdown issue, which immediately makes other people with shutdown problems come out of the woodwork and start paying attention to EventID 15016 because it's obviously the cause. In fact, the only link is the fact that his machine logs the event on shutdown. So does mine, and yet I shut down like a ... uh.. I dunno, something that shuts down well and quick ;)

It's not the poster's fault. They're just in trouble and not particularly adept at troubleshooting. It's a skill that's learned over time.
 

My Computer

System One

  • Manufacturer/Model
    DELL XPS 430
    CPU
    Intel Core™2 Q8200 Quad-Core (4MB L2 cache,2.33GHz,133
    Motherboard
    7200RPM, SATA 3.0Gb/s, 16MB Cache
    Memory
    6GB Dual Channel DDR3 SDRAM at 1066MHz - 4 DIMMs
    Graphics Card(s)
    ATI Radeon HD3650 256MB Graphics (Integrated)
    Sound Card
    Integrated 7.1 Audio (IDT/Sigmatel 6.10.0.6017)
    Monitor(s) Displays
    Dell -1901FP Flat Panel LCD Color Monitor
    Screen Resolution
    1024 x 768 32 bit
    Hard Drives
    750 gig SATA 7200 C drive
    External Seagate 160gig
    " Western Book 160 gig
    " Hitachi 250 gig
    ALL USB except C drive
    Mouse
    Microsoft Intellimouse Trackball - (best design ever made!)
    Keyboard
    Logitech ITough Multimedia
    Internet Speed
    ATT Yahoo Elite DSL 4797kbps down, 624kbps up

H2SO4

A bit of a numpty
Vista Guru
Yeah, the Event Viewer subsystem has been around as long as NT itself. It's just a place for any OS component or app to record whatever information it feels like. You specify the event "ID", the type (info/warning/error), the description, any additional data, and it simply gets logged.

That openness also means that different vendors or even different MS apps can have substantially different ideas as to what should be logged and when. My app might continuously flood the event logs with supposedly dire warnings over niggling details, while yours doesn't bother going beyond one or two "informational" events even for outright crashes.

Searching the web to try to understand a particular event, the way you did, is a good strategy.
 

My Computer

pdsnickles

Member
Yeah, the Event Viewer subsystem has been around as long as NT itself. It's just a place for any OS component or app to record whatever information it feels like. You specify the event "ID", the type (info/warning/error), the description, any additional data, and it simply gets logged.

That openness also means that different vendors or even different MS apps can have substantially different ideas as to what should be logged and when. My app might continuously flood the event logs with supposedly dire warnings over niggling details, while yours doesn't bother going beyond one or two "informational" events even for outright crashes.

Searching the web to try to understand a particular event, the way you did, is a good strategy.
Hey, thanks for that information. I thought it was Windows deciding what to put in there. So in other words, Kerberos should probably not have made that an Error, it should just be a Warning, if anything.

What I don't understand though is why is Kerberos even on my computer and making an error if I'm not even using it? Is this something that will probably be changed in an update or Service Pack?

Just curious.

It's good to know that info - that these apps put in these Events, not MS - so that I can take those messages "with a grain of salt". I'll investigate them before I freak out.

I just checked my Events log and today there was only one Kerberos error today, so that's weird. On the 1st day there was 1, then 2nd day, 5, then 3rd day, 1 and 4th day, 1. I'm curious and going to check into when those 5 occured on the 4th day as opposed to only 1 or 2 on the other days.
 

My Computer

System One

  • Manufacturer/Model
    DELL XPS 430
    CPU
    Intel Core™2 Q8200 Quad-Core (4MB L2 cache,2.33GHz,133
    Motherboard
    7200RPM, SATA 3.0Gb/s, 16MB Cache
    Memory
    6GB Dual Channel DDR3 SDRAM at 1066MHz - 4 DIMMs
    Graphics Card(s)
    ATI Radeon HD3650 256MB Graphics (Integrated)
    Sound Card
    Integrated 7.1 Audio (IDT/Sigmatel 6.10.0.6017)
    Monitor(s) Displays
    Dell -1901FP Flat Panel LCD Color Monitor
    Screen Resolution
    1024 x 768 32 bit
    Hard Drives
    750 gig SATA 7200 C drive
    External Seagate 160gig
    " Western Book 160 gig
    " Hitachi 250 gig
    ALL USB except C drive
    Mouse
    Microsoft Intellimouse Trackball - (best design ever made!)
    Keyboard
    Logitech ITough Multimedia
    Internet Speed
    ATT Yahoo Elite DSL 4797kbps down, 624kbps up

pdsnickles

Member
Hey, I know I said this case was closed, but although the original question IS explained to my satisfaction, I have a related discovery:

I did some closer looking at my Event log to see what is happening just before these kerberos errors. As it turns out, each and every time there is this message which is an INFO event:

""File system filter luafv has successfully loaded and registered with Filter Manager."

Aha! That Search Filter Host thing again...

But here's what's interesting to me. I typed in the error message on google and came up with this thread. (I hope it's okay to link to another forum's thread when it relates to an issue that we are discussing here):
First logon delayhttp://tinyurl.com/czzl4s

Now, I don't understand all that stuff they're talking about, but maybe you, H2S04 or rive0108 or ? might be able to put it into simpler terms for me if you are so inclined. I thought you might be interested, H2S08 because you said you also get this error at startup.

I didn't understand their fix nor their tweaking around with the "vlan configuration" but I thought it might? be a fix for this non-problem but perhaps annoying "event".
 

My Computer

System One

  • Manufacturer/Model
    DELL XPS 430
    CPU
    Intel Core™2 Q8200 Quad-Core (4MB L2 cache,2.33GHz,133
    Motherboard
    7200RPM, SATA 3.0Gb/s, 16MB Cache
    Memory
    6GB Dual Channel DDR3 SDRAM at 1066MHz - 4 DIMMs
    Graphics Card(s)
    ATI Radeon HD3650 256MB Graphics (Integrated)
    Sound Card
    Integrated 7.1 Audio (IDT/Sigmatel 6.10.0.6017)
    Monitor(s) Displays
    Dell -1901FP Flat Panel LCD Color Monitor
    Screen Resolution
    1024 x 768 32 bit
    Hard Drives
    750 gig SATA 7200 C drive
    External Seagate 160gig
    " Western Book 160 gig
    " Hitachi 250 gig
    ALL USB except C drive
    Mouse
    Microsoft Intellimouse Trackball - (best design ever made!)
    Keyboard
    Logitech ITough Multimedia
    Internet Speed
    ATT Yahoo Elite DSL 4797kbps down, 624kbps up

H2SO4

A bit of a numpty
Vista Guru
As it turns out, each and every time there is this message which is an INFO event:

""File system filter luafv has successfully loaded and registered with Filter Manager."

Aha! That Search Filter Host thing again...
The word "filter" is used and abused in many places in software architecture. A "file system filter driver" is very different from the "SearchFilterHost". Luafv.sys is a (filter) driver used to "virtualise" app access to sensitive areas of the file system in order to protect the OS and other apps. It has no direct connection to the SearchFilterHost.

V:\>driverquery |find "luafv"
luafv UAC File Virtualizatio File System 19-Jan-08 4:59:06 PM

But here's what's interesting to me. I typed in the error message on google and came up with this thread. (I hope it's okay to link to another forum's thread when it relates to an issue that we are discussing here):
First logon delay

Now, I don't understand all that stuff they're talking about, but maybe you, H2S04 or rive0108 or ? might be able to put it into simpler terms for me if you are so inclined. I thought you might be interested, H2S08 because you said you also get this error at startup.
I do understand it, but it's irrelevant to your query. They're talking about a mechanism called NAP (Network Access Protection) which is used to ensure that clients wanting to connect to a large corporate domain meet certain "health" standards - their AV is of a particular version, they've applied updates, and so on. You're not subject to NAP policies on your standalone machine.

Since there's no mention of an eventID 15016 in that thread, I assume you linked to it based on the "luafv has successfully loaded..." message. Luafv does that on everyone's machine. This is how those "me too!" threads start growing exponentially :)

I didn't understand their fix nor their tweaking around with the "vlan configuration" but I thought it might? be a fix for this non-problem but perhaps annoying "event".
My suggestion is to not go overboard with wanting your event logs to look pristine. They never will, unless the box is artificially cut off and used as an experient in event log cleanliness. Instead, it might be better to use the Reliability Monitor to see at a glance whether there's something you really need to worry about. It's good at summarising the morass of info that's the event log.
 

My Computer

pdsnickles

Member
My suggestion is to not go overboard with wanting your event logs to look pristine. They never will, unless the box is artificially cut off and used as an experient in event log cleanliness. Instead, it might be better to use the Reliability Monitor to see at a glance whether there's something you really need to worry about. It's good at summarising the morass of info that's the event log.
Point taken.
I didn't know about the Reliability Monitor. That's a good tool to know about. Thanks.
 

My Computer

System One

  • Manufacturer/Model
    DELL XPS 430
    CPU
    Intel Core™2 Q8200 Quad-Core (4MB L2 cache,2.33GHz,133
    Motherboard
    7200RPM, SATA 3.0Gb/s, 16MB Cache
    Memory
    6GB Dual Channel DDR3 SDRAM at 1066MHz - 4 DIMMs
    Graphics Card(s)
    ATI Radeon HD3650 256MB Graphics (Integrated)
    Sound Card
    Integrated 7.1 Audio (IDT/Sigmatel 6.10.0.6017)
    Monitor(s) Displays
    Dell -1901FP Flat Panel LCD Color Monitor
    Screen Resolution
    1024 x 768 32 bit
    Hard Drives
    750 gig SATA 7200 C drive
    External Seagate 160gig
    " Western Book 160 gig
    " Hitachi 250 gig
    ALL USB except C drive
    Mouse
    Microsoft Intellimouse Trackball - (best design ever made!)
    Keyboard
    Logitech ITough Multimedia
    Internet Speed
    ATT Yahoo Elite DSL 4797kbps down, 624kbps up
Top