I previously posted on Terminal Server group but think this group may be more
appropriate
I'm not sure if the source and destination servers are not relevant to my
issue I saw suddenly from 27th Feb a ten times increase in the size of a
firewall logfile and found the vast majority i.e. around 90% of the records
were showing Kerberos traffic between 1 terminal server and 1 DC. I am not
aware of any MS patches having been pushed on the day this started adn we
also have several TS servers and a few DC's but all this logging is
specifically coming from one TS and specifically only going to one of our
DC's.
Has anyone else seen this sort of thing happen.
The actual scale of this change is that we used to log around 300,000
records a day on our firewall which is now logging around 3,000,000 so around
2.7 million kerberos packets being sent everyday from a TS box to a DC on a
TS server that maybe services at most 10 concurrent users.
|
Similar Threads
Linear Mode
