
Thread: Event ID 4 - Kerberos Error - But no duplicate machine names.

  1. #1
    Ryan Guest

    Event ID 4 - Kerberos Error - But no duplicate machine names.

    I’m getting Kerberos errors in the logs of two of my servers. The first
    server is a SBS 2k3 R2 Premium server, the other is running Storage Server
    2k3 R2. All the Kerberos errors logged point to the Vista install on one
    dual-boot machine. Its XP install is named DellDim5150.LRG.local, while the
    Vista install is named DellDim5150v.LRG.Local. Since the names are different
    I don’t understand why this error is coming up. There aren’t any other
    computers on the network with these names and I don’t see any duplicates when
    browsing with adsiedit either.

    Here’s the exact error:
    Event Type: Error
    Event Source: Kerberos
    Event Category: None
    Event ID: 4
    Date: 01/03/2007
    Time: 1:14:51 AM
    User: N/A
    Computer: PIRANHA
    Description:
    The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
    delldim5150v$. The target name used was cifs/Delldim5150.LRG.local. This
    indicates that the password used to encrypt the kerberos service ticket is
    different than that on the target server. Commonly, this is due to
    identically named machine accounts in the target realm (LRG.LOCAL), and the
    client realm. Please contact your system administrator.

    Can anyone help me?


  2. #2
    Brian Delaney [MSFT] Guest

    RE: Event ID 4 - Kerberos Error - But no duplicate machine names.

    Hi Ryan,

    This error is occurring because someone is trying to access a resource as
    \\Delldim5150 when the machine is actually booted up with the name
    delldim5150v.

    When you attempt to access resources in this way the Kerberos KDC encrypts
    the Kerberos service ticket with the password of the delldim5150 account
    and then presents the ticket to delldim5150v which has a different
    password. Since delldim5150v has a different password it cannot decrypt
    the service ticket and the error KRB_AP_ERR_MODIFIED is returned.

    To prevent this ensure that you access the resources as \\delldim5150v when
    the delldim5150v install is booted up.

    Hope this helps,

    Brian Delaney
    Microsoft Canada
    --

    This posting is provided "AS IS" with no warranties, and confers no rights.



  3. #3
    Ryan Guest

    RE: Event ID 4 - Kerberos Error - But no duplicate machine names.

    "Brian Delaney [MSFT]" wrote:
    > To prevent this ensure that you access the resources as \\delldim5150v when
    > the delldim5150v install is booted up.


    Thanks for taking the time to help me out, Brian.

    Your explanation makes sense, but how do I make sure the system accesses
    resources as \\delldim5150v? I notice some of these events in the middle of
    the night when nobody would be using that system, other times are probably
    when accessing network shares so I doubt it's all user initiated requests.

    In case you were wondering if the computer wasn't joined properly, this
    machine was added to the network using the SBS console and connect computer
    and it all joined as expected.

  4. #4
    Brian Delaney [MSFT] Guest

    RE: Event ID 4 - Kerberos Error - But no duplicate machine names.

    I would suspect that someone may have a mapped network drive to
    \\delldim5150 or a mapped printer. These persistent connections could
    cause some traffic in the middle of the night as Kerberos attempts to renew
    its service tickets. There is no 100% sure way to ensure no one accesses
    resources on this machine using the wrong machine name. The best way to
    prevent this would be to avoid sharing resources on a dual boot machine.


    Hope this helps,

    Brian Delaney
    Microsoft Canada
    --

    This posting is provided "AS IS" with no warranties, and confers no rights.
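
Added example, not part of the original posts: a small triage script for the situation the thread describes. It parses Kerberos Event ID 4 descriptions, compares the host in the target name with the machine account that answered, and groups mismatches by the computer that logged the event, which is where a stale mapped drive or printer would live. It assumes the events have already been exported as (Computer, Description) text pairs; the function names and the FILESRV01 sample are hypothetical.

```python
import re
from collections import Counter

# Matches the Event ID 4 description wording quoted in the thread.
EVENT4_RE = re.compile(
    r"KRB_AP_ERR_MODIFIED error from the server (?P<responder>\S+?)\. "
    r"The target name used was (?P<spn>[^/\s]+/\S+?)\.(?: |$)", re.IGNORECASE)

def short_host(name):
    """Host label only: drop the machine-account '$' and any DNS suffix."""
    return name.rstrip("$").split(".")[0].lower()

def parse_event4(description):
    """Return (responding_account, target_spn), or None if the text does not match."""
    m = EVENT4_RE.search(" ".join(description.split()))  # undo log line wrapping
    return (m["responder"], m["spn"]) if m else None

def name_mismatches(events):
    """events: (reporting_computer, description) pairs. The event is written by the
    Kerberos client, so the reporting computer is the machine that made the request."""
    findings = []
    for client, description in events:
        parsed = parse_event4(description)
        if parsed is None:
            continue
        responder, spn = parsed
        service, _, target = spn.partition("/")
        if short_host(target) != short_host(responder):
            findings.append({"client": client, "service": service,
                             "requested": short_host(target),
                             "answered_by": short_host(responder)})
    return findings

def stale_references(findings):
    """Count mismatches per (client, service, requested name) to show where to look."""
    return Counter((f["client"], f["service"], f["requested"]) for f in findings)

# First entry: opening sentences of the event text from the thread. Second entry:
# constructed sample (hypothetical computer FILESRV01) where both names agree.
SAMPLE_EVENTS = [
    ("PIRANHA", """The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
delldim5150v$. The target name used was cifs/Delldim5150.LRG.local."""),
    ("FILESRV01", """The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
delldim5150v$. The target name used was cifs/DellDim5150v.LRG.local."""),
]

if __name__ == "__main__":
    for key, count in stale_references(name_mismatches(SAMPLE_EVENTS)).items():
        print(key, count)
```

An event where the requested and responding names agree is not reported by this check; that case points at a genuine machine-account password mismatch rather than a wrong name.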


