troubleshooting Question

Can't log on locally to domain controller.

Avatar of f_o_o_k_y
f_o_o_k_yFlag for Poland asked on
Active DirectoryWindows Server 2008
7 Comments1 Solution1160 ViewsLast Modified:
Hello,
I have active directory forest level native 2003.
I have 3 windows 2003 Domain controllers and 3 windows 2008 r2 sp1 domain controllers

Few days ago I've restarted DC (win 2008) with PDC role.
After the restart I couldn't log on locally to DC.
If I stop KDC service then I can logon.

After resetting computer password
netdom resetpwd
and after restart I can log in to DC only one time. Next logon attempt is without success.

In event log I can only find:

 Event ID: 4
Source: Kerbeors
Type: Error

"The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/myserver.domain.com. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (domain.com), and the client realm. Please contact your system administrator."


Does anyone have any idea what is going on?

One more thing I've installed totally new windows 2008 r2 and added DC role to it.
After restart I have the same problem on my new DC.

I also tried dcdiag -fix.

Any help would be greatly appreciated.

Best Regards
FooKy
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 7 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros