Solved

Event ID 4

Posted on 2011-02-23
3
441 Views
Last Modified: 2012-06-21
I am getting the following error on a member server in the domain.  The DCs are not showing any errors.  All servers are 2003. The machine called jmh-e6500 is listed in ADUC.  Will deleteing it from ADUC fix the issue?  The other machine mentioned in the error, server MH$ is an XP workstation, not a server.  Any help is appreciated.
cja

Event Type:      Error
Event Source:      Kerberos
Event Category:      None
Event ID:      4
Date:            2/22/2011
Time:            12:16:56 PM
User:            N/A
Computer:      SERVER-ADMIN-2
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server MH$.  The target name used was cifs/JMH-E6500.Company-Dom.company.com. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (Company-DOM.COMPANY.COM), and the client realm.   Please contact your system administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:cja-tech-guy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Accepted Solution

by:
Wonko_the_Sane earned 500 total points
ID: 34970183
Unless you get those errors all the time and notice any real issues it's not too much of a concern, but here's some things to check:

- make sure the DNS records for the servers and clients mentioned are OK, including Reverse DNS ones
-Check if there is a duplicate Service Principal Name (SPN), or an SPN assigned to the wrong machine. You can use tools such as ADSIEDIT to view them for the machines involved, you are probably looking for a SPN that starts with HOST/
You can also export the entire domain:
ldifde -f dumpfile.txt -d dc=company-Dom,dc=company,dc=com-l serviceprincipalname
0
 

Author Comment

by:cja-tech-guy
ID: 34970684
The only thing I see in DNS is duplicate records for the IP of the machine named MH and JMH-E6500.  JMH-E6500 is no longer a member of the domain, it was removed months ago.  MH is a new machine that was added about 3 weeks ago.  Should I delete the DNS record for JMH-E6500?  What happens if I delete a DNS record for a machine that is still a member of the domain?  Does it get recreated?

Thanks,

cja
0
 
LVL 14

Expert Comment

by:Wonko_the_Sane
ID: 34970789
Usually it will get recreated, at least in most standard configurations. You can trigger the registration from the machine by running "ipconfig /registerdns".

If there are duplicate records you may want to remove the one that's no longer valid.
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question