I have active directory forest level native 2003.
I have 3 windows 2003 Domain controllers and 3 windows 2008 r2 sp1 domain controllers
Few days ago I've restarted DC (win 2008) with PDC role.
After the restart I couldn't log on locally to DC.
If I stop KDC service then I can logon.
After resetting computer password
and after restart I can log in to DC only one time. Next logon attempt is without success.
In event log I can only find:
Event ID: 4
"The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/myserver.domain.com. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (domain.com), and the client realm. Please contact your system administrator."
Does anyone have any idea what is going on?
One more thing I've installed totally new windows 2008 r2 and added DC role to it.
After restart I have the same problem on my new DC.
I also tried dcdiag -fix.
Any help would be greatly appreciated.