• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 611
  • Last Modified:

DC event ID 4 Source Kerberos

couple months back introduced 2 2k8 r2 DC to environment at decom 2 2k3 DC. and recently
other 2 2k3dc at branch office having replication issue. Event ID 4 found.
Netdiag show warining cannot resolve SPN dc
0
hell_angel
Asked:
hell_angel
  • 7
  • 3
  • 2
1 Solution
 
abhijitwaikarCommented:
Hi,

Check this:  
http://www.eventid.net/display.asp?eventid=4&eventno=1968&source=Kerberos&phase=1
http://technet.microsoft.com/en-us/library/cc733987(WS.10).aspx
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.2&EvtID=4&EvtSrc=Kerberos&LCID=1033

Also provide us more info about firewall, port, site link to help you.

Regards,
Abhijit Waikar.
MCSA|MCSA:Messaging|MCTS|MCITP:SA
My Blog: http://abhijitw.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.
0
 
hell_angelEngineerAuthor Commented:
hi...there is no firewall between to site... is IPVPN connection....
0
 
hell_angelEngineerAuthor Commented:
check through... there is no duplicate name as well... if i delete my DNS zone and recreate it will it help..?
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
abhijitwaikarCommented:
First of all check the DNS pointing on each server, they should point itself or local DNS server as primary and remote DNS server as a secondary.

Once you confirmed the DNS and IP setting run - ipconfig /flushdns & ipconfig /registerdns on each DC.

also restart DNS and Netlogonservice on each dc.

If issue reoccurs try to rest secure cannel as event indicates that the password used to encrypt the kerberos service ticket is different than that on the target server.  
Active Directory – Resetting secure channel: http://abhijitw.wordpress.com/2011/08/31/active-directory-resetting-secure-channel/

Regards,
Abhijit Waikar.
----------------------------
MCSA|MCSA:Messaging|MCTS|MCITP:SA
My Blog: http://abhijitw.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.
1
 
hell_angelEngineerAuthor Commented:
branch server event error logged that can't authenticate with my fsmo role holder which is newly deployed.. meant i should run the reset command to reset my both newly deployed AD..?
what will be the implication...?
0
 
AwinishCommented:
0
 
hell_angelEngineerAuthor Commented:
checked through DNS record... no duplicate....
0
 
abhijitwaikarCommented:
Yes, run the provided command on problematic DC, follow the steps which are provided in article.

If you run Netdom on "newly deployed AD" with the correct parameters, the password is changed locally and is simultaneously written on main DC, and replication propagates the change to other domain controllers.
0
 
hell_angelEngineerAuthor Commented:
i did a netdom verify, the server verified successfuly.. still need to reset passwor for tha DC..?
0
 
AwinishCommented:
Its case of duplicate SPN, resetting the secure channel will not resolve the issue. Please refer the earlier posted article to get rid of duplicate SPN.

Regards
________________________________________
Awinish Vishwakarma
MY BLOG:  http://awinish.wordpress.com
0
 
hell_angelEngineerAuthor Commented:
im going to do a password reset for the problematic server, before that, any possible if the server can't login after stop the KCC service and reboot..?
0
 
hell_angelEngineerAuthor Commented:
n/a
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

  • 7
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now