?
Solved

Kerberos EventID 4

Posted on 2010-09-13
4
Medium Priority
?
1,031 Views
Last Modified: 2012-05-10
One machine hangs constantly. We have checked hardware, disk space, RAM etc. I would like to rule out a particular possible issue. What I am asking for is to understand HOW to troubleshoot this issue, what the machine references are actually saying (names changed). This error is logged every hour and wondering if this could be causing hang (authentication) ? All DCs are Windows 2008.

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server <machine_name>$.  The target name used was <server_name>/<machine_name>.<domain_name>. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (<domain_name>), and the client realm.   Please contact your system administrator.
Thanks to all in advance for help.
0
Comment
Question by:TheGeezer2010
  • 3
4 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33661050
Could you check in your DNS console in reverse lookup zone if there is a PTR record for DNS server, please?
Then reboot client PC.
0
 
LVL 11

Author Comment

by:TheGeezer2010
ID: 33661222
Hi There

Both DCs are DNS servers and they do indeed have PTR records in the correct zone (verifiable via NSLOOKUP as well). The machine which hangs is Windows 2003 SP2 server and has just been rebooted but still logs the error. This may well NOT be the cause of the hang. This exercise is to rule this out.

Thanks for swift response.
0
 
LVL 11

Accepted Solution

by:
TheGeezer2010 earned 0 total points
ID: 34334868
Please close as abandoned - no points awarded
0
 
LVL 11

Author Closing Comment

by:TheGeezer2010
ID: 34399195
No suitable answer offered.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

593 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question