Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Kerberos Error with Relocated Desktops

Status
Not open for further replies.
picarolio

picarolio

IS-IT--Management
Jun 7, 2007
9
0
0
US
Hello,

I'm a recent addition to the field and found tek-tips as a good starting point to add to my collection of resources.

We have 2003 Server and a single DC for the site. Two new computers were purchased and switched out with the ones being switched added to the design team. The ones that were moved to the design team had their name's changed to reflect their user.

Since then we have been recieving error 4 from Kerberos.


I have since then, removed the computers from AD and added them back to the domain without a success conclusion to the issue.

Thanks for the help.
 
Sort by date Sort by votes
Have you tried resetting the computer accounts in Active Directory? Open AD Users and Computers> find the directory where the computer accounts are held> right click the computer object and select Reset Account. Reboot the workstation and join the domain again.

Joey
A+, Network+, MCP
 
Upvote 0 Downvote
I reset the accounts and looked over the suggestions given by MS. None have panned out. The DNS server is working just fine, both computers do not even have NetBios installed, and I seriously doubt a hacker is playing middle man between the server and the two computers (since this error occured right when we transfered the computers to the new users within the same site).

Anyone have another idea?


Here is the error itself:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server (computer1). The target name used was (oldcomputer1name). This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (domain), and the client realm. Please contact your system administrator.
 
Upvote 0 Downvote
Are there any other errors such as a time sync problem, failure to contact DC? How about running klist or kerbtray.

This exact error occurred at one of our small remote sites but it also contained other errors relating to time sync, netlogon, DC unreachable, etc. The issue was found by a network tech who found fragmentation errors on the router. Oddly enough some units could log in with absolutely no errors and some could not.
 
Upvote 0 Downvote
No, no other related errors associated that I could find with this issue; infact, one of the PC's happened to have an installation issue with the company's proprietary program. After a complete wipe (including removing the computer from the AD) and rebuilding the PC then adding it back the error was still present.

I'll try those tools and report back, thanks.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

bobadams52
  • Locked
  • Question
error 12 program swcocx in mas90
Replies
0
Views
165
bobadams52
bobadams52
Diane Sandstrom
  • Locked
  • Question
PDF with highlighting
Replies
2
Views
130
Diane Sandstrom
Diane Sandstrom
Flinx
  • Locked
  • Question
continuing issues with Windows 10 slow transfer to NAS
Replies
6
Views
204
pmonett
pmonett
Deniall
  • Locked
  • Question
Hyperlink error in email handling 1
Replies
10
Views
241
mikrom
mikrom
Shengfu
  • Locked
  • Question
PROBLEM WITH FILES IN FLASHDRIVE
Replies
3
Views
165
mikrom
mikrom

Part and Inventory Search

Sponsor

Back
Top