Tags: Kerberos, Networking, Server Manager, Windows, Windows Firewall, Windows Firewall with Advanced Security, Windows Server 2008 R2
I’ve just recently added a Windows Server 2008 R2 machine to my network with a domain controller running Windows Server 2003 SBS. Everything seemed to be working fine for a couple days (not sure why it lasted that long) when I started getting an error message like this:
The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you.
A search on the Internet turned up a solution on Microsoft’s support website. The article says that the KB content has been retired, but the solution worked for me.
The article says that the problem occurs because the network firewall filters Kerberos traffic. The solution is to open up port 88 for both TCP and UDP. This solved the problem for me.
Note that on previous versions of the firewall it was a LOT easier to open up a port. On Windows Server 2008 R2, here is what you have to do.
- In Server Manager navigate to Configuration -> Windows Firewall with Advanced Security -> Outbound Files.
- Click New Rule.
- Select Port and click Next.
- Select TCP and Specific remote ports, type 88 for the port number, then click Next.
- Click Allow the connection and click Next.
- Select the network profile you want to allow this for then click Next.
- Type a name (such as Open Kerberos Traffic (TCP)), then click Finish.
Do the same thing for UDP and you should be done.
- Microsoft support article
- How to configure the new Windows Server 2008 advanced firewall MMC snap-in by David Davis