Good morning everyone.
I've been working with a Microsoft support technician for the last several days on a problem that appears related to delegation and/or Kerberos. The domain is running in a 2003 mixed mode operations level and the two domain controllers are both using Windows Server 2003 with SP2 installed.
The member servers in question are the only Windows Server 2008 R2 servers that have been added to the domain. The problem is encountered when an HTTP request is being processed with in IIS. The request references resources hosted in a different IIS Application Pool on the same server; a hop from one w3wp to another is made. But the credentials from the first application pool are NOT included in the request header to the second. I've verified this using Fiddler.
Putting the problem aside for a minute, the individual who I'm working with has told me several times now that are Kerberos errors that will be displayed when Kerberos logging is DISABLED. At first I thought he was just covering after checking the LogLevel DWORD in the Parameters key even though there were numerous errors in the System Event Log while we were working on the problem. But then he sent me a request to run a procmon trace with the logging disabled last night.
In the last 10+ years of working with Microsoft Server Operating Systems I've never seen a Kerberos error displayed unless logging is enabled. I don't even know how it is possible for the WMI Provider to make decisions related to logging a particular severity with the logging is completely disabled; without that registry key the provider should just be excluding all Kerberos related events.
While I am skeptical about this, I wanted to pose the question because I'm sure there are a million things that I have not seen before. This one just doesn't sound right to me. So the question is:
Has anyone ever seen or heard of Kerberos errors appearing in the System Event Log when Kerberos logging is DISABLED?
I appreciate the feedback, thank you.
