Kerberos and SPN problems
Hello,
I get hundreds of Event ID: 4 Source: Kerberos on my SCCM server. This server is a Windows Server 2003 R2 (SP2).
The event error is:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the
server (ComputerName)$. The target name used was RPCSS/(ComputerName2.ACT.L
indicates that the password used to encrypt the kerberos service ticket
is different than that on the target server. Commonly, this is due to identically named
machine accounts in the target realm (ACT.LCM), and the client realm.
Please contact your system administrator.
Every error has a different server name ending with a $ sign. The RPCSS/Computer name is also never the same computer, and it's killing me!
How do I fix all these errors? Please help!
I have had a look at the SPN sites from Microsoft, but I'm not getting and concrete help or indication what's causing this.
The SPN query site helped a bit, but this is for one error at a time:
http://www.microsoft.com/technet/scriptcenter/solutions/spnquery.mspx
I get hundreds of Event ID: 4 Source: Kerberos on my SCCM server. This server is a Windows Server 2003 R2 (SP2).
The event error is:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the
server (ComputerName)$. The target name used was RPCSS/(ComputerName2.ACT.L
indicates that the password used to encrypt the kerberos service ticket
is different than that on the target server. Commonly, this is due to identically named
machine accounts in the target realm (ACT.LCM), and the client realm.
Please contact your system administrator.
Every error has a different server name ending with a $ sign. The RPCSS/Computer name is also never the same computer, and it's killing me!
How do I fix all these errors? Please help!
I have had a look at the SPN sites from Microsoft, but I'm not getting and concrete help or indication what's causing this.
The SPN query site helped a bit, but this is for one error at a time:
http://www.microsoft.com/technet/scriptcenter/solutions/spnquery.mspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found something that might be of use to somebody else.
Adding a subnet to the netowrk without adding it into the reverse lookups on DNS will cause all these errors on your servers. This might be useful.
Adding a subnet to the netowrk without adding it into the reverse lookups on DNS will cause all these errors on your servers. This might be useful.
ASKER
Thanks sprengy for the comments, but that did not work for me. I read some other articles on the web that pointed me into some DNS issues.
I found that we added another two subnets to our local network, without added them to our reverse lookups.
After adding these two subnets to our DNS servers, all the error messages went away.
Thanks for your help anyway.
Ampletrix