Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Kerberos KRB_AP_ERR_MODIFIED error

Active Directory


Reply
 
Thread Tools Search this Thread
  #1  
Old 05-12-2005
Member
 
Join Date: Aug 2006
Posts: 115
Kerberos KRB_AP_ERR_MODIFIED error

I got some issue with Active Directory. There is a server with me with a faulty motherboard, and I want to take it offline for sometime to get it solved. Each day when the aircon goes off in the building, outside of my control, the clock on the board runs fast, approx 2 days per min. I have other server that can handle the load for the time required. But I cannot get active directory up and running on the replacement server. The faulty server is running Windows 2000 Server SP4 fully patched. The replacement is running Server 2003 SP1 fully patched. Below is the error message that I am getting:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server SING-NT02$. The target name used was cifs/sing-nt02. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm, and the client realm.

Any ideas?

Reply With Quote
  #2  
Old 05-12-2005
Member
 
Join Date: Nov 2005
Posts: 930
Re: Kerberos KRB_AP_ERR_MODIFIED error

I guess that kerberos will fail incase 2 machines time is off by more than 5 minutes, you will need to check the clock on both and see if that fixes the issue.
Reply With Quote
  #3  
Old 05-12-2005
Member
 
Join Date: Aug 2006
Posts: 115
Re: Kerberos KRB_AP_ERR_MODIFIED error

Thanks for responding, but I am not at the machine right now, but both machines are picking up time using nistimew, so they should be fine I think.
Reply With Quote
  #4  
Old 05-12-2005
Member
 
Join Date: Sep 2005
Posts: 1,359
Re: Kerberos KRB_AP_ERR_MODIFIED error

Can you try to check the DCPROMO.LOG file under %systemroot%\debug whether all got fine or not? Also, as per the error, is it happening for one client or too many? If it is happening for only one, then try to reset the computer account. You need to also check the secure channel first.

NLTEST /SC_QUERY:domain-name.com

You can download the NLTEST support tool from here - http://technet.microsoft.com/en-us/l...=ws.10%29.aspx
Reply With Quote
  #5  
Old 18-01-2006
Member
 
Join Date: Oct 2005
Posts: 449
You can try to use Netdom.exe to reset machine account passwords of a Windows Server domain controller. Follow the below article that describes how to use Netdom.exe to reset machine account passwords of a domain controller in Windows Server 2008 R2, in Windows Server 2008, or in Windows Server 2003.

http://support.microsoft.com/default...b;en-us;325850
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Tags:



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Kerberos KRB_AP_ERR_MODIFIED error"
Thread Thread Starter Forum Replies Last Post
The kerberos client received a KRB_AP_ERR_MODIFIED error and Failedto query SPN registration on DC 'hostname_ho.domainname.local' Inonino Active Directory 4 11-02-2010 10:48 PM
Kerberos error event ID:4 Adam Raff Windows Server Help 6 18-04-2008 02:17 PM
KRB_AP_ERR_MODIFIED Kerberos ID 4 aDeeB! Active Directory 2 20-09-2007 06:18 PM
Kerberos Error Event ID 4 danv2006 Windows Server Help 2 30-06-2006 02:44 AM
The Kerberos subsystems encountered a PAC verification error Dan S Windows Security 2 29-03-2005 06:45 PM


All times are GMT +5.5. The time now is 10:11 AM.