Solved

Event Log Kerberos KRB_AP_ERR_MODIFIED

Posted on 2012-03-14
2
790 Views
Last Modified: 2012-04-04
I'm getting the following error in my system log of my exchange server once every 1hr:


The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/DC02.domain.org.  The target name used was ldap/DC01.domain.org. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (DOMAIN.ORG), and the client realm.   Please contact your system administrator.

I don't see any DNS errors on either server (both 2003 Enterprise R2), there are no duplicate names.  DC01 is also a DNS, File, and Print server any help would be appreciated.  I plan on removing DC01 as a DC, and DNS server and leaving it as just a file and print server.  I've added a 2008 Enterprise R2 as a DC, DNS, DHCP server that I've already transfered the FSMO roles too (error was in the logs prior to the addition of the server).  It's a single domain environment also, if any other info is needed to help please let me know!!!
0
Comment
Question by:nbccit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Accepted Solution

by:
nbccit earned 0 total points
ID: 37805835
Problem solved, it turns out someone on my team modified the host file of the Exchange Server that had a bad ip address.

Thanks,
Ronnie
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Group policy and test domains 2 28
IF statement on a PowerShell Script 2 23
Active directory DNS integrated question? 7 35
Block Hacker? 2 26
This article runs through the process of deploying a single EXE application selectively to a group of user.
A hard and fast method for reducing Active Directory Administrators members.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
how to add IIS SMTP to handle application/Scanner relays into office 365.

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question