Service pack information
To resolve this problem, obtain the latest service pack for Windows Server 2003 and apply the registry change detailed below to disable PAC validation. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
889100 How to obtain the latest service pack for Windows Server 2003
After you obtain the latest service pack for Windows Server 2003, turn off PAC verification for services.
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.In Windows Server 2003 SP2, you can turn off PAC verification for services. To do this, add the ValidateKdcPacSignature registry entry to the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Add the ValidateKdcPacSignature entry as an entry of type DWORD on the servers that are authenticating users in application services. These servers may include domain controllers. When the value of this entry is 0, Kerberos does not perform PAC validation on a process that runs as a service. When the value of this entry is 1, Kerberos performs PAC validation as usual. You have to restart the computer after you modify this registry entry. When this entry is not present, the system behaves as if the entry were present and has a value of 1. The default value in Windows Server 2008 for this entry is 0.
For more information about how to enable debug logging for the Net Logon service, click the following article number to view the article in the Microsoft Knowledge Base: 109626 Enabling debug logging for the Net Logon service