asked on Event Log Kerberos KRB_AP_ERR_MODIFIED
I'm getting the following error in my system log of my exchange server once every 1hr:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/DC02.domain.org. The target name used was ldap/DC01.domain.org. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (DOMAIN.ORG), and the client realm. Please contact your system administrator.
I don't see any DNS errors on either server (both 2003 Enterprise R2), there are no duplicate names. DC01 is also a DNS, File, and Print server any help would be appreciated. I plan on removing DC01 as a DC, and DNS server and leaving it as just a file and print server. I've added a 2008 Enterprise R2 as a DC, DNS, DHCP server that I've already transfered the FSMO roles too (error was in the logs prior to the addition of the server). It's a single domain environment also, if any other info is needed to help please let me know!!!
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/DC02.domain.org. The target name used was ldap/DC01.domain.org. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (DOMAIN.ORG), and the client realm. Please contact your system administrator.
I don't see any DNS errors on either server (both 2003 Enterprise R2), there are no duplicate names. DC01 is also a DNS, File, and Print server any help would be appreciated. I plan on removing DC01 as a DC, and DNS server and leaving it as just a file and print server. I've added a 2008 Enterprise R2 as a DC, DNS, DHCP server that I've already transfered the FSMO roles too (error was in the logs prior to the addition of the server). It's a single domain environment also, if any other info is needed to help please let me know!!!
DNSActive DirectoryExchange
Last Comment
nbccit
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.