• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1265
  • Last Modified:

Kerberos Problems

We have a single domain consisting of a main site (2 DC's) (Exchange & FileServer) & 2 remote sites. Each remote site having it's own server (DC). Recently complaints have been coming from one of the remote sites complaining of Outlook popping up login boxes. Also they can't get to file shares located on our file server which is located at the main office. For the past week this problem has been getting worse. All locations have connectivity so that is not the problem. Seems to be a DNS problem because if I change the domain name in the Outlook to the IP Address it connects to exchange and works fine. Seems to be either corrupt DNS/WINS or Replication issues. Simple things like clicking on start, run, typing in a unc name like //hsvr the server cannot resolve. It says \\hsvr is not accessible. You might not have permission to use the network resource,etc,etc,etc. If you browse for the hsvr server it can see it but comes up with the same error when you dbl-click on it. If I stop the KDC service and then try those same commands it works fine and brings up the shares on the HSVR server. Going bald trying to solve this.  Any advice would be greatly appreciated !


(Errors from the System Log) The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/navasota.mid.south.  The target name used was cifs/navasota.mid.south. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (MID.SOUTH), and the client realm.   Please contact your system administrator.
(Errors from DNS logs)
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
(DCDIAG)
 
Domain Controller Diagnosis
 
Performing initial setup:
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: Montgomery\MSVR
      Starting test: Connectivity
         ......................... MSVR passed test Connectivity
 
Doing primary tests
   
   Testing server: Montgomery\MSVR
      Starting test: Replications
         REPLICATION-RECEIVED LATENCY WARNING
         MSVR:  Current time is 2008-11-18 16:01:51.
            DC=DomainDnsZones,DC=mid,DC=south
               Last replication recieved from NAVASOTA at 2008-09-19 07:40:38.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HUNTSVILLE at 2008-09-19 07:53:15.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HSVR at 2008-09-19 06:55:44.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from EXCHANGE at 2008-09-19 07:53:15.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
            DC=ForestDnsZones,DC=mid,DC=south
               Last replication recieved from NAVASOTA at 2008-09-19 07:40:38.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HUNTSVILLE at 2008-09-19 07:53:15.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HSVR at 2008-09-19 06:55:44.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from EXCHANGE at 2008-09-19 07:53:15.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
            CN=Schema,CN=Configuration,DC=mid,DC=south
               Last replication recieved from NAVASOTA at 2008-09-19 07:40:38.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HUNTSVILLE at 2008-09-19 07:53:14.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HSVR at 2008-09-19 06:55:44.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from EXCHANGE at 2008-09-19 07:53:15.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
            CN=Configuration,DC=mid,DC=south
               Last replication recieved from NAVASOTA at 2008-09-19 10:49:40.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HUNTSVILLE at 2008-09-19 10:52:48.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HSVR at 2008-09-19 10:46:49.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from EXCHANGE at 2008-09-19 10:52:49.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
            DC=mid,DC=south
               Last replication recieved from NAVASOTA at 2008-09-19 10:52:49.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HUNTSVILLE at 2008-09-19 10:52:49.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from HSVR at 2008-09-19 10:43:29.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
               Last replication recieved from EXCHANGE at 2008-09-19 10:52:49.
               WARNING:  This latency is over the Tombstone Lifetime of 60 days!
         REPLICATION-RECEIVED LATENCY WARNING
          Source site:
         CN=NTDS Site Settings,CN=Huntsville,CN=Sites,CN=Configuration,DC=mid,DC=south
          Current time: 2008-11-18 16:01:51
          Last update time: 2008-09-19 10:46:19
          Check if source site has an elected ISTG running.
          Check replication from source site to this server. 
         REPLICATION-RECEIVED LATENCY WARNING
          Source site:
         CN=NTDS Site Settings,CN=Navasota,CN=Sites,CN=Configuration,DC=mid,DC=south
          Current time: 2008-11-18 16:01:51
          Last update time: 2008-09-19 10:16:12
          Check if source site has an elected ISTG running.
          Check replication from source site to this server. 
         ......................... MSVR passed test Replications
      Starting test: NCSecDesc
         ......................... MSVR passed test NCSecDesc
      Starting test: NetLogons
         ......................... MSVR passed test NetLogons
      Starting test: Advertising
         ......................... MSVR passed test Advertising
      Starting test: KnowsOfRoleHolders
         [NAVASOTA] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         Warning: NAVASOTA is the Schema Owner, but is not responding to DS RPC Bind.
         [NAVASOTA] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: NAVASOTA is the Schema Owner, but is not responding to LDAP Bind.
         Warning: NAVASOTA is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: NAVASOTA is the Domain Owner, but is not responding to LDAP Bind.
         Warning: NAVASOTA is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: NAVASOTA is the Rid Owner, but is not responding to LDAP Bind.
         Warning: NAVASOTA is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: NAVASOTA is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... MSVR failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... MSVR failed test RidManager
      Starting test: MachineAccount
         ......................... MSVR passed test MachineAccount
      Starting test: Services
         ......................... MSVR passed test Services
      Starting test: ObjectsReplicated
         ......................... MSVR passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... MSVR passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems. 
         ......................... MSVR failed test frsevent
      Starting test: kccevent
         An Warning Event occured.  EventID: 0x8025082D
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x8025082D
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x8025082D
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x8025082D
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0000748
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80250829
            Time Generated: 11/18/2008   15:47:30
            (Event String could not be retrieved)
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:33
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:34
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:34
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:34
            Event String: The attempt to establish a replication link for
         An Warning Event occured.  EventID: 0x80000785
            Time Generated: 11/18/2008   15:52:34
            Event String: The attempt to establish a replication link for
         ......................... MSVR failed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   15:07:31
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   15:07:31
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   15:07:31
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   15:50:59
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   15:50:59
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   15:51:32
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   15:52:33
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   15:52:33
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   15:52:33
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   16:00:42
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   16:00:44
            Event String: The kerberos client received a
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 11/18/2008   16:01:51
            Event String: The kerberos client received a
         ......................... MSVR failed test systemlog
      Starting test: VerifyReferences
         ......................... MSVR passed test VerifyReferences
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : mid
      Starting test: CrossRefValidation
         ......................... mid passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... mid passed test CheckSDRefDom
   
   Running enterprise tests on : mid.south
      Starting test: Intersite
         ......................... mid.south passed test Intersite
      Starting test: FsmoCheck
         [HSVR] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... mid.south passed test FsmoCheck

Open in new window

0
midsouthsynergy
Asked:
midsouthsynergy
  • 2
1 Solution
 
Henrik JohanssonSystems engineerCommented:
See http:Q_21682625.html for similar thread
0
 
midsouthsynergyAuthor Commented:
Saw that article, tried it and it didn't fix my issue. Same problems still occuring. Thanks
0
 
Malli BoppeCommented:
0
 
Henrik JohanssonSystems engineerCommented:
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now