Results 1 to 5 of 5

Thread: Kerberos KRB_AP_ERR_MODIFIED error

  1. #1
    Join Date
    Aug 2006
    Posts
    114

    Kerberos KRB_AP_ERR_MODIFIED error

    I got some issue with Active Directory. There is a server with me with a faulty motherboard, and I want to take it offline for sometime to get it solved. Each day when the aircon goes off in the building, outside of my control, the clock on the board runs fast, approx 2 days per min. I have other server that can handle the load for the time required. But I cannot get active directory up and running on the replacement server. The faulty server is running Windows 2000 Server SP4 fully patched. The replacement is running Server 2003 SP1 fully patched. Below is the error message that I am getting:

    The kerberos client received a KRB_AP_ERR_MODIFIED error from the server SING-NT02$. The target name used was cifs/sing-nt02. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm, and the client realm.

    Any ideas?

  2. #2
    Join Date
    Nov 2005
    Posts
    930

    Re: Kerberos KRB_AP_ERR_MODIFIED error

    I guess that kerberos will fail incase 2 machines time is off by more than 5 minutes, you will need to check the clock on both and see if that fixes the issue.

  3. #3
    Join Date
    Aug 2006
    Posts
    114

    Re: Kerberos KRB_AP_ERR_MODIFIED error

    Thanks for responding, but I am not at the machine right now, but both machines are picking up time using nistimew, so they should be fine I think.

  4. #4
    Join Date
    Sep 2005
    Posts
    1,372

    Re: Kerberos KRB_AP_ERR_MODIFIED error

    Can you try to check the DCPROMO.LOG file under %systemroot%\debug whether all got fine or not? Also, as per the error, is it happening for one client or too many? If it is happening for only one, then try to reset the computer account. You need to also check the secure channel first.

    NLTEST /SC_QUERY:domain-name.com

    You can download the NLTEST support tool from here - http://technet.microsoft.com/en-us/l...=ws.10%29.aspx

  5. #5
    Join Date
    Oct 2005
    Posts
    449
    You can try to use Netdom.exe to reset machine account passwords of a Windows Server domain controller. Follow the below article that describes how to use Netdom.exe to reset machine account passwords of a domain controller in Windows Server 2008 R2, in Windows Server 2008, or in Windows Server 2003.

    http://support.microsoft.com/default...b;en-us;325850

Similar Threads

  1. Replies: 4
    Last Post: 11-02-2010, 10:48 PM
  2. Kerberos error event ID:4
    By Adam Raff in forum Windows Server Help
    Replies: 6
    Last Post: 18-04-2008, 02:17 PM
  3. KRB_AP_ERR_MODIFIED Kerberos ID 4
    By aDeeB! in forum Active Directory
    Replies: 2
    Last Post: 20-09-2007, 06:18 PM
  4. Kerberos Error Event ID 4
    By danv2006 in forum Windows Server Help
    Replies: 2
    Last Post: 30-06-2006, 02:44 AM
  5. Replies: 2
    Last Post: 29-03-2005, 06:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •