How to Reset Kerberos Following a Domain Admin Password Reset
By Dave Wilson
Microsoft Active Directory Services uses the Kerberos single sign-on authentication protocol to secure applications and services with public key encryption as they communicate across the network. When a user account that is used to access the Kerberos Key Distribution Center receives a new account password, the new password must be entered into the Kerberos KDC (Key Distribution Center) service login account in order to generate new keys that will be used to secure the Kerberos connections. Use the "Active Directory Users and Computers" and "Services" utilities in Windows Server 2008 computer to reset Kerberos after a Domain Administrator account password has changed so that the Domain Administrator account will again have login access.
Log in to the Windows Server 2008 computer using the username and password of an Active Directory Administrator account.
Click the "Start" button on the Windows Server 2008 desktop, then click "Administrative Tools" and click "Active Directory Users and Computers ."
Browse to the Users OU (Organizational Unit) in the window that appears. Right-click on the "krbtgt" object and click "Reset Password" in the menu that appears. Enter a new Kerberos service account password in the password text box that displays and then type the password again into the "Confirm Password" box. Click to clear the "User must change password at next logon" box and click "OK."
Click the "Start" button on the Windows Server 2008 computer then click "Administrator Tools" and click "Services." Right-click the "Kerberos Key Distribution Center" service and click "Properties" in the menu that appears. Click the "Log On" tab and type the new password into the "Password" text box and then type the new password into the "Confirm password" text box. Click the "OK" button.
Right-click the "Kerberos Key Distribution Center" service and click "Restart" in the menu that appears so that the service starts and logs in using the new password.
Dave Wilson has been writing technical articles since 1993, including manuals, instructional "how-to" tips and online publications with various websites. Wilson holds a Bachelor of Arts in psychology from the University of California, Los Angeles and has Microsoft, Cisco, and ISC2 (CISSP) technical certifications. He also has experience with a broad range of computer platforms, embedded systems, network appliances and Linux.