Kerberos KRB_AP_ERR_MODIFIED error
I got some issue with Active Directory. There is a server with me with a faulty motherboard, and I want to take it offline for sometime to get it solved. Each day when the aircon goes off in the building, outside of my control, the clock on the board runs fast, approx 2 days per min. I have other server that can handle the load for the time required. But I cannot get active directory up and running on the replacement server. The faulty server is running Windows 2000 Server SP4 fully patched. The replacement is running Server 2003 SP1 fully patched. Below is the error message that I am getting:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server SING-NT02$. The target name used was cifs/sing-nt02. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm, and the client realm.
Any ideas?
Re: Kerberos KRB_AP_ERR_MODIFIED error
I guess that kerberos will fail incase 2 machines time is off by more than 5 minutes, you will need to check the clock on both and see if that fixes the issue.
Re: Kerberos KRB_AP_ERR_MODIFIED error
Thanks for responding, but I am not at the machine right now, but both machines are picking up time using nistimew, so they should be fine I think.
Re: Kerberos KRB_AP_ERR_MODIFIED error
Can you try to check the DCPROMO.LOG file under %systemroot%\debug whether all got fine or not? Also, as per the error, is it happening for one client or too many? If it is happening for only one, then try to reset the computer account. You need to also check the secure channel first.
NLTEST /SC_QUERY:domain-name.com
You can download the NLTEST support tool from here - http://technet.microsoft.com/en-us/l...=ws.10%29.aspx