Kerberos Security Ticket

timwescott

Technical User
Oct 22, 2001
100
GB
I'm getting the error message (shown between the dotted lines at the end of this message) every 30 days on one of our two domain controllers. The current workaround is to reboot the DC, but this is not a satisfactory solution.

I've tried all the suggestions from MS and various other forums, but no fix as yet, but I've not logged this with MS yet.

The last thing I've tried is to remove AD from the server and then promote it back in as a DC.


Any help appreciated.

-------------------------------------------------
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/servername.domain.com.
The target name used was GC/servername.domain.com/domain.com.
This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server.
Commonly, this is due to identically named machine accounts in the target realm (domain.com), and the client realm.
-------------------------------------------------
 
Did you run dcdiag on the problem domain controller?
 
Sounds like it may be a DNS record issue, possibly a PTR one. Have a browse through all the DNS for your domain and make sure the IPs for the domain controllers are correct.

It also could be from a 2nd NIC not being disabled on a DC, self-registering a 169 address.

There's a few other things that can cause this, but I would check the above 2 first.
 
Thanks for the responses so far.

DCDIAG showed an error 0x00000457, but I don't think this is related.

DNS looks fine and all non-used NICs are disabled in both DCs.


Tim
 
I would make sure DNS is correct. This is probably due to another system using the IP address. That has a stale record in DNS. Make sure you have scavenging on the Zones and the DNS server.
 
It could also potentially be a duplicate SPN, although you should have other errors stating something similar to that...

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+

 