Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Kerberos is not used when you connect to SMB shares by using IP address

Kerberos is not used when you connect to SMB shares by using IP address

Symptoms

When you connect to remote Server Message Block (SMB) services shares by using \\192.x.y.z\share name, Kerberos is not used, and the Internet Protocol (IP) SMB file share access does not use Kerberos. A network trace shows the following Kerberos error in the KRB_ERROR:

Server not found in Kerberos database

↑ Back to the top

Cause

By default, Microsoft Windows Server 2003 and Microsoft Windows 2000 try to use Kerberos as the security provider. When a client uses Kerberos to authenticate itself to a server, the client requests a session ticket for the Service Principal Name (SPN). IP addresses are not names, so Kerberos is not used. After this occurs, the server goes through the list of the other supported security providers.

↑ Back to the top

Status

This behavior is by design.

↑ Back to the top

More Information

IP addresses typically change, and it is not workable to add these addresses as SPNs. An SPN can be one of the following:

  • The DNS name for the domain.
  • The DNS name of a host.
  • The distinguished name of a service connection point object.

↑ Back to the top

Keywords: kb, kbbillprodsweep, kbprb, kbnetwork, kbenv

↑ Back to the top

Article Info
Article ID : 322979
Revision : 6
Created on : 8/20/2020
Published on : 8/20/2020
Exists online : False
Views : 150