troubleshooting Question

Event Log Kerberos KRB_AP_ERR_MODIFIED

Avatar of nbccit
nbccitFlag for Afghanistan asked on
ExchangeActive DirectoryDNS
1 Comment1 Solution860 ViewsLast Modified:
I'm getting the following error in my system log of my exchange server once every 1hr:


The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/DC02.domain.org.  The target name used was ldap/DC01.domain.org. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (DOMAIN.ORG), and the client realm.   Please contact your system administrator.

I don't see any DNS errors on either server (both 2003 Enterprise R2), there are no duplicate names.  DC01 is also a DNS, File, and Print server any help would be appreciated.  I plan on removing DC01 as a DC, and DNS server and leaving it as just a file and print server.  I've added a 2008 Enterprise R2 as a DC, DNS, DHCP server that I've already transfered the FSMO roles too (error was in the logs prior to the addition of the server).  It's a single domain environment also, if any other info is needed to help please let me know!!!
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 1 Comment.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros