Kerberos Response Limit?

Kind of curious if anyone’s ever encountered this? I work in a high-security environment where there might be restrictions in place that I’m not aware of, so I’m not sure if one of those might be responsible, but I wondered if someone else bumped into it given the use of Powershell to query a lot of computers rapidly.

I wrote a Powershell script to check workstation backup software. Another guy wrote a tool to do just that by testing for the presence of a particular file, but it only does it for one computer at a time, which is not fun when one OU has about 500 computers. I used Test-Path to dip into the admin share remotely, but I notice if I don’t introduce a delay between each loop, I start getting a stream of false negatives at a certain point, and everything below that point tests $false. I assume there’s some sort of Kerberos response rate limitation that doesn’t flat out lock out my account, but is simply the domain controller putting a pause.

The reason why I look at Kerberos is because some computers don’t have accurate DNS records, so testing the admin share via hostname fails whereas accessing that same share with IP address instead succeeds, and my prior googling reveals that has to do with Kerberos tickets being issued that don’t match the real hostname.

If that’s the case, I’m wondering if running:

Get-WMIObject -ComputerName $IPAddress -ClassName CIM_DataFile -Filter "drive='C:' AND path='\Program Files\BackupSoftware\' AND extension='ext'" 

Would bypass my Kerberos issue by not using it at all? Perhaps even let me run it in parallel?

submitted by /u/N7Valiant
[link] [comments]

Leave a Reply