Detections
Analytics

SMB Kerberos Not Working

info Nessus Plugin ID 242431

Synopsis

The scan was configured to use Kerberos for Windows authentication, but Kerberos failed for this host..

Description

The scan was configured to use Kerberos for Windows authentication, but Kerberos failed at least once for this host. There are many causes for Kerberos failure in a Windows environment. They include:

 * Lack of time synchronization between the DC, scanner and target.
 * DC or targets were not specified as FQDNs in the scan policy.
 * DNS name resolution of the DC or target failed at the scanner.
 * Reverse DNS resolution of the DC or target failed at the scanner.
 * Duplicate or missing SPNs on the DC or target.
 * Misconfigured scan credentials.

Nessus attempted to use NTLM instead to preserve scan continuity.

Note regarding the see-also link:
 Nessus does not require the scanner to be registered to the same domain as the DC or target. Nessus can be running on any platform; Windows, Linux or MacOS.

See Also

http://www.nessus.org/u?5d208aaa

Plugin Details

Severity: Info

ID: 242431

File Name: smb_kerberos_not_working.nasl

Version: 1.1

Type: local

Family: Settings

Published: 7/21/2025

Updated: 7/21/2025

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: SMB/kerberos_not_working