Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Event ID 4 - Kerberos Error - But no duplicate machine names.

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 01-03-2007
Ryan
 
Posts: n/a
Event ID 4 - Kerberos Error - But no duplicate machine names.

Iím getting Kerberos errors in the logs of two of my servers. The first
server is a SBS 2k3 R2 Premium server, the other is running Storage Server
2k3 R2. All the Kerberos errors logged point to the Vista install on one
dual-boot machine. Its XP install is named DellDim5150.LRG.local, while the
Vista install is named DellDim5150v.LRG.Local. Since the names are different
I donít understand why this error is coming up. There arenít any other
computers on the network with these names and I donít see any duplicates when
browsing with adsiedit either.

Hereís the exact error:
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 01/03/2007
Time: 1:14:51 AM
User: N/A
Computer: PIRANHA
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
delldim5150v$. The target name used was cifs/Delldim5150.LRG.local. This
indicates that the password used to encrypt the kerberos service ticket is
different than that on the target server. Commonly, this is due to
identically named machine accounts in the target realm (LRG.LOCAL), and the
client realm. Please contact your system administrator.

Can anyone help me?


Reply With Quote
  #2  
Old 02-03-2007
Brian Delaney [MSFT]
 
Posts: n/a
RE: Event ID 4 - Kerberos Error - But no duplicate machine names.

Hi Ryan,

This error is occuring because someone is trying to access a resource as
\\Delldim5150 when the machine is actually booted up with the name
delldim5150v.

When you attempt to access resources in this way the Kerberos KDC encrypts
the Kerberos service ticket with the password of the delldim5150 account
and then presents the ticket to delldim5150v which has a different
password. Since delldim5150v has a different password it cannot decrypt
the service ticket and the error KRB_AP_ERR_MODIFIED.

To prevent this ensure that you access the resources as \\delldim5150v when
the delldim5150v install is booted up.

Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: Event ID 4 - Kerberos Error - But no duplicate machine names.
>thread-index: AcdcF1rky3auGjw8SWqGIxc2HIvS8g==
>X-WBNR-Posting-Host: 216.223.91.74
>From: =?Utf-8?B?Unlhbg==?= <Ryan@discussions.microsoft.com>
>Subject: Event ID 4 - Kerberos Error - But no duplicate machine names.
>Date: Thu, 1 Mar 2007 07:36:18 -0800
>
>Iím getting Kerberos errors in the logs of two of my servers. The first
>server is a SBS 2k3 R2 Premium server, the other is running Storage Server
>2k3 R2. All the Kerberos errors logged point to the Vista install on one
>dual-boot machine. Its XP install is named DellDim5150.LRG.local, while

the
>Vista install is named DellDim5150v.LRG.Local. Since the names are

different
>I donít understand why this error is coming up. There arenít any

other
>computers on the network with these names and I donít see any duplicates

when
>browsing with adsiedit either.
>
>Hereís the exact error:
>Event Type: Error
>Event Source: Kerberos
>Event Category: None
>Event ID: 4
>Date: 01/03/2007
>Time: 1:14:51 AM
>User: N/A
>Computer: PIRANHA
>Description:
>The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
>delldim5150v$. The target name used was cifs/Delldim5150.LRG.local. This
>indicates that the password used to encrypt the kerberos service ticket is
>different than that on the target server. Commonly, this is due to
>identically named machine accounts in the target realm (LRG.LOCAL), and

the
>client realm. Please contact your system administrator.
>
>Can anyone help me?
>
>


Reply With Quote
  #3  
Old 02-03-2007
Ryan
 
Posts: n/a
RE: Event ID 4 - Kerberos Error - But no duplicate machine names.

"Brian Delaney [MSFT]" wrote:
> To prevent this ensure that you access the resources as \\delldim5150v when
> the delldim5150v install is booted up.


Thanks for taking the time to help me out, Brian.

Your explanation makes sense, but how do I make sure the system accesses
resources as \\delldim5150v? I notice some of these event in the middle of
the night when nobody would be using that system, other times are probably
when accessing network shares so I doubt it's all user initiated requests.

In case you were wondering if the computer wasn't joined properly, this
machine was added to the network using the SBS console and connect computer
and it all joined as expected.
Reply With Quote
  #4  
Old 04-03-2007
Brian Delaney [MSFT]
 
Posts: n/a
RE: Event ID 4 - Kerberos Error - But no duplicate machine names.

I would suspect that someone may have a mapped network drive to
\\delldim5150 or a mapped printer. These persistent connections could
cause some traffic in the middle of the night as kerberos attempts to renew
its service tickets. There is no 100% sure way to ensure no one access
resources on this machine using the wrong machine name. The best way to
prevent this would be to avoid sharring resources on a dual boot machine.


Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>Thread-Topic: Event ID 4 - Kerberos Error - But no duplicate machine names.
>thread-index: AcdccW/i/A6uq+FZTDiiQ4G1kKNl2A==
>X-WBNR-Posting-Host: 216.223.127.158
>From: =?Utf-8?B?Unlhbg==?= <Ryan@discussions.microsoft.com>
>References: <ACBC0C4C-7AA9-404D-9BB2-0DC9730539C4@microsoft.com>

<zelmozGXHHA.5764@TK2MSFTNGHUB02.phx.gbl>
>Subject: RE: Event ID 4 - Kerberos Error - But no duplicate machine names.
>Date: Thu, 1 Mar 2007 18:21:08 -0800
>
>"Brian Delaney [MSFT]" wrote:
>> To prevent this ensure that you access the resources as \\delldim5150v

when
>> the delldim5150v install is booted up.

>
>Thanks for taking the time to help me out, Brian.
>
>Your explanation makes sense, but how do I make sure the system accesses
>resources as \\delldim5150v? I notice some of these event in the middle

of
>the night when nobody would be using that system, other times are probably
>when accessing network shares so I doubt it's all user initiated requests.
>
>In case you were wondering if the computer wasn't joined properly, this
>machine was added to the network using the SBS console and connect

computer
>and it all joined as expected.
>


Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Event ID 4 - Kerberos Error - But no duplicate machine names."
Thread Thread Starter Forum Replies Last Post
Event ID 3 Kerberos TomJerzey Active Directory 3 05-06-2008 01:33 PM
Kerberos error event ID:4 Adam Raff Windows Server Help 6 18-04-2008 02:17 PM
Event ID 3 Kerberos KDC_ERR_S_PRINCICAL_UNKNOWN Delil Active Directory 3 06-03-2007 12:52 AM
Event ID: 537 Kerberos Evan Windows Server Help 4 22-10-2006 09:16 AM
Kerberos Error Event ID 4 danv2006 Windows Server Help 2 30-06-2006 02:44 AM


All times are GMT +5.5. The time now is 08:18 PM.