![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 67%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
7,023 questions
Hi @Russell Ang
I thought I would jump in and give a few pointers to check that Kerberos is working as expected. These test are using NetTools, however, some of the functionality is available in other MS tools, but NetTools makes it easier to jump between tests.
Go to Authentication -> Sessions - confirm that the active session is Kerberos or Negotiate in the Auth column
In the Quick Search bar enter the name of the server logged onto and click search
In the search view double click on the server, In the Properties dialog, select the Delegation tab and right click on one of the Service Principal Names and select Request SPN
This will select the Kerberos Tickets option and display all the Kerberos tickets that have been cache, confirm that the selected SPN is in the list and also check the bottom area of screen for any error messages.
Select Authentication -> User Rights and click refresh - check the administrators group to see if the Attribute are set to D, this means that you have a restricted token and UAC is enabled for privileged users.
