Environment
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Novell Open Enterprise Server 11 (OES11)
Domain Services for Windows
DSfW
Novell Open Enterprise Server 11 (OES11)
Domain Services for Windows
DSfW
Situation
From a Windows XP workstation, try to remote control a Windows 7 Workstation using the steps below:
From Help and Support Center using Tools\Offer Remote Assistance, an administrator in the domain may offer assistance to users in the same domain or trusted domains without being asked.
Specify the computer name of the Windows 7 workstation that you wish to remote
control.
This will fail and the kdc.log will show:
Apr 23 13:55:34 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: ISSUE: authtime 1335176726, etypes {rep=23 tkt=23
ses=23}, WINDOWS7$@NTS.COM for windows7$\@NTS.COM@NTS.COM
Apr 23 13:55:34 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: NOT_ALLOWED_TO_DELEGATE: authtime 0, WINDOWS7$@NTS.COM
for windows7$\@NTS.COM@NTS.COM, KDC policy rejects request.
Remote control a Windows XP workstation from a Windows 7 workstation.
From a command prompt, execute msra /offerra, specify the name of the Windows XP that you wish to remote control.
This will fail and the kdc.log will show:
Apr 23 14:46:29 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: LOOKING_UP_SERVER: authtime 0, Administrator@NTS.COM for
VMWARE2$@NTS.COM, Naming violation
Apr 23 14:46:29 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: LOOKING_UP_SERVER: authtime 0, Administrator@NTS.COM for
VMWARE2$@NTS.COM, Naming violation
Apr 23 14:46:52 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: LOOKING_UP_SERVER: authtime 0, Administrator@NTS.COM for
VMWARE2$@NTS.COM, Naming violation
Apr 23 14:46:52 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: LOOKING_UP_SERVER: authtime 0, Administrator@NTS.COM for
VMWARE2$@NTS.COM, Naming violation
From Windows 7 Workstation to a Windows 7 Workstation using msra /offerra fails:
Apr 23 18:36:53 OES2SP3-DSFW krb5kdc[17643](info): TGS_REQ (5 etypes {18 17 23
24 -135}) 172.16.32.133: ISSUE: authtime 1335198558, etypes {rep=23 tkt=23
ses=23}, WINDOWS7PC2$@NTS.COM for windows7pc2$\@NTS.COM@NTS.COM
Apr 23 18:36:53 OES2SP3-DSFW krb5kdc[17643](info): TGS_REQ (5 etypes {18 17 23
24 -135}) 172.16.32.133: NOT_ALLOWED_TO_DELEGATE: authtime 0,
WINDOWS7PC2$@NTS.COM for windows7pc2$\@NTS.COM@NTS.COM, KDC policy rejects
request
From Help and Support Center using Tools\Offer Remote Assistance, an administrator in the domain may offer assistance to users in the same domain or trusted domains without being asked.
Specify the computer name of the Windows 7 workstation that you wish to remote
control.
This will fail and the kdc.log will show:
Apr 23 13:55:34 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: ISSUE: authtime 1335176726, etypes {rep=23 tkt=23
ses=23}, WINDOWS7$@NTS.COM for windows7$\@NTS.COM@NTS.COM
Apr 23 13:55:34 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: NOT_ALLOWED_TO_DELEGATE: authtime 0, WINDOWS7$@NTS.COM
for windows7$\@NTS.COM@NTS.COM, KDC policy rejects request.
Remote control a Windows XP workstation from a Windows 7 workstation.
From a command prompt, execute msra /offerra, specify the name of the Windows XP that you wish to remote control.
This will fail and the kdc.log will show:
Apr 23 14:46:29 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: LOOKING_UP_SERVER: authtime 0, Administrator@NTS.COM for
VMWARE2$@NTS.COM, Naming violation
Apr 23 14:46:29 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: LOOKING_UP_SERVER: authtime 0, Administrator@NTS.COM for
VMWARE2$@NTS.COM, Naming violation
Apr 23 14:46:52 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: LOOKING_UP_SERVER: authtime 0, Administrator@NTS.COM for
VMWARE2$@NTS.COM, Naming violation
Apr 23 14:46:52 OES2SP3-ADC krb5kdc[6835](info): TGS_REQ (5 etypes {18 17 23 24
-135}) 172.16.32.131: LOOKING_UP_SERVER: authtime 0, Administrator@NTS.COM for
VMWARE2$@NTS.COM, Naming violation
From Windows 7 Workstation to a Windows 7 Workstation using msra /offerra fails:
Apr 23 18:36:53 OES2SP3-DSFW krb5kdc[17643](info): TGS_REQ (5 etypes {18 17 23
24 -135}) 172.16.32.133: ISSUE: authtime 1335198558, etypes {rep=23 tkt=23
ses=23}, WINDOWS7PC2$@NTS.COM for windows7pc2$\@NTS.COM@NTS.COM
Apr 23 18:36:53 OES2SP3-DSFW krb5kdc[17643](info): TGS_REQ (5 etypes {18 17 23
24 -135}) 172.16.32.133: NOT_ALLOWED_TO_DELEGATE: authtime 0,
WINDOWS7PC2$@NTS.COM for windows7pc2$\@NTS.COM@NTS.COM, KDC policy rejects
request
Resolution
Windows XP to Windows 7 remote assistance is not supported by Microsoft.
Windows 7 to Windows 7 remote assistance has been addressed in a Field Patch, please contact Novell Support to request the Field Patch until it is released in a Maintenance Patch.
Besides the FTF, in order for offer remote assistance to work, the GPO which is directly / or indirectly assigned to workstations has to be modified.
The following 2 settings have to be modified:
Computer Configuration -> Polices -> Administrative Templates -> System ->
Remote Assistance.
1. Solicited Remote Assistance
2. Offer Remote Assistance
Specify the RA helpers here, for example DOMAINNAME\Domain Admins group.
Windows 7 to Windows 7 remote assistance has been addressed in a Field Patch, please contact Novell Support to request the Field Patch until it is released in a Maintenance Patch.
Besides the FTF, in order for offer remote assistance to work, the GPO which is directly / or indirectly assigned to workstations has to be modified.
The following 2 settings have to be modified:
Computer Configuration -> Polices -> Administrative Templates -> System ->
Remote Assistance.
1. Solicited Remote Assistance
2. Offer Remote Assistance
Specify the RA helpers here, for example DOMAINNAME\Domain Admins group.