Windows XP SP3 AND kerberos event ID4 when access Intranet application

Here's the situtation - we have a web application running on a Server 2003 SP2 that client PCs connect to (Windows XP SP2 and 3). After a while (this can be several hours or just a couple) the user goes to input a new record in the app but they get prompted with a Windows Authentication box - after which they get kicked out of the app (Server unavailable or cannot display the page type of error). If they close IE and then go back in - all is fine. Corresponding with the Windows Authentication box is the Kerberos event ID4 error:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/websvr.domain.com.  This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (domain.COM), and the client realm.   Please contact your system administrator.

Its not an issue with duplicate client PC names on the network as its been happening on 4 different PCs for SURE (probably much more that I just haven't heard about it) - but 1 of them had been rebuilt recently so I disjoined it from the domain, deleted the name out of AD, DNS, WINS and then rejoined it with a DIFFERENT name and still the same issue.

The event log on the web server doesn't seem to show any corresponding error when the XP machines log the Kerberos event ID 4. Does anyone have any ideas as to how I can troubleshoot this?
ITGeneralAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

awawadaCommented:
can you add your event source?
0
ITGeneralAuthor Commented:
Not sure what you mean by event source but if you're referring to the Source: field in Event properties its Source: Kerberos   Event_ID: 4
0
awawadaCommented:
thanx
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

ITGeneralAuthor Commented:
Well, I have the specific error that the client sees: HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.

Question is why does it lose the credentials? Apparently it worked fine over the weekend.
0
ITGeneralAuthor Commented:
Turns out that following up on the HTTP Error 401.1 error appears to be the way to go - that lead me to the following MS KB Article ID: 871179 and applied the "Workaround" portion of the article. Seems to have held out over the weekend thus far. Will update to advise if the fix is permanent.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.