hell_angel
DC event ID 4 Source Kerberos
A couple of months back, introduced 2 2k8 R2 DCs to the environment and decommissioned 2 2k3 DCs, and recently
the other 2 2k3 DCs at the branch office are having a replication issue. Event ID 4 found.
Netdiag shows a warning: cannot resolve SPN dc
ASKER
Hi... there is no firewall between the two sites... it is an IPVPN connection....
ASKER
Checked through... there is no duplicate name as well... if I delete my DNS zone and recreate it, will it help?
First of all, check the DNS pointing on each server; they should point to themselves or a local DNS server as primary and a remote DNS server as secondary.
Once you have confirmed the DNS and IP settings, run ipconfig /flushdns & ipconfig /registerdns on each DC.
Also restart the DNS and Netlogon services on each DC.
If the issue reoccurs, try to reset the secure channel, as the event indicates that the password used to encrypt the Kerberos service ticket is different from that on the target server.
Active Directory – Resetting secure channel: http://abhijitw.wordpress.com/2011/08/31/active-directory-resetting-secure-channel/
Regards,
Abhijit Waikar.
--------------------------
MCSA|MCSA:Messaging|MCTS|MCITP:SA
My Blog: http://abhijitw.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.
ASKER
The branch server logged an event error that it can't authenticate with my FSMO role holder, which is newly deployed... does that mean I should run the reset command to reset both of my newly deployed ADs?
What will be the implication?
The event ID can be due to a duplicate SPN name conflict.
http://blog.joeware.net/2008/07/17/1407/
http://technet.microsoft.com/en-us/library/cc733987%28WS.10%29.aspx
ASKER
Checked through the DNS records... no duplicates....
ASKER
I did a netdom verify, the server verified successfully... do I still need to reset the password for that DC?
It's a case of duplicate SPN; resetting the secure channel will not resolve the issue. Please refer to the earlier posted article to get rid of the duplicate SPN.
Regards
__________________________
Awinish Vishwakarma
MY BLOG: http://awinish.wordpress.com
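Added example (not part of the original thread or any poster's code): one way to check an exported SPN list for the duplicate-SPN condition discussed above. It assumes an LDIF export of `servicePrincipalName` (for instance from `ldifde -f spn.ldf -r "(servicePrincipalName=*)" -l servicePrincipalName`); the sample records, host names and function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample in the shape of an LDIF export of servicePrincipalName;
# the DNs and host names are made up for this example.
SAMPLE_LDIF = """\
dn: CN=DC01,OU=Domain Controllers,DC=corp,DC=example
servicePrincipalName: ldap/dc01.corp.example
servicePrincipalName: HOST/dc01.corp.example

dn: CN=BRANCHDC,OU=Domain Controllers,DC=corp,DC=example
servicePrincipalName: HOST/branchdc.corp
 .example

dn: CN=svc-legacy,CN=Users,DC=corp,DC=example
servicePrincipalName: host/DC01.corp.example
"""

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_duplicate_spns(ldif_text):
    """Map each SPN (lower-cased) held by more than one object to its DNs."""
    owners, dn = defaultdict(set), None
    for line in unfold(ldif_text):
        if not line.strip():          # blank line ends the current record
            dn = None
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):     # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        elif name == "serviceprincipalname" and dn:
            owners[value.lower()].add(dn)   # SPNs compare case-insensitively
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for spn, dns in find_duplicate_spns(SAMPLE_LDIF).items():
        print(spn, "->", "; ".join(dns))
```

Any SPN reported here is registered on more than one account, which is the conflict the linked articles describe removing.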
ASKER
I'm going to do a password reset for the problematic server. Before that, is it possible that the server can't log in after stopping the KCC service and rebooting?
ASKER
n/a
Check this:
http://www.eventid.net/display.asp?eventid=4&eventno=1968&source=Kerberos&phase=1
http://technet.microsoft.com/en-us/library/cc733987(WS.10).aspx
http://www.microsoft.com/technet/support/ee/transform.aspx?ProdName=Windows%20Operating%20System&ProdVer=5.2&EvtID=4&EvtSrc=Kerberos&LCID=1033
Also provide us more info about firewall, port, site link to help you.
Regards,
Abhijit Waikar.
MCSA|MCSA:Messaging|MCTS|MCITP:SA
My Blog: http://abhijitw.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.