Solved

Event Log Kerberos KRB_AP_ERR_MODIFIED

Posted on 2012-03-14
2
786 Views
Last Modified: 2012-04-04
I'm getting the following error in my system log of my exchange server once every 1hr:


The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/DC02.domain.org.  The target name used was ldap/DC01.domain.org. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (DOMAIN.ORG), and the client realm.   Please contact your system administrator.

I don't see any DNS errors on either server (both 2003 Enterprise R2), there are no duplicate names.  DC01 is also a DNS, File, and Print server any help would be appreciated.  I plan on removing DC01 as a DC, and DNS server and leaving it as just a file and print server.  I've added a 2008 Enterprise R2 as a DC, DNS, DHCP server that I've already transfered the FSMO roles too (error was in the logs prior to the addition of the server).  It's a single domain environment also, if any other info is needed to help please let me know!!!
0
Comment
Question by:nbccit
2 Comments
 

Accepted Solution

by:
nbccit earned 0 total points
ID: 37805835
Problem solved, it turns out someone on my team modified the host file of the Exchange Server that had a bad ip address.

Thanks,
Ronnie
0

Featured Post

[Webinar] Disaster Recovery and Cloud Management

Learn from Unigma and CloudBerry industry veterans which providers are best for certain use cases and how to lower cloud costs, how to grow your Managed Services practice in IaaS clouds, and how to utilize public cloud for Disaster Recovery

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
how to add IIS SMTP to handle application/Scanner relays into office 365.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now