Shared folder permissions

Posted on 2012-09-14
Last Modified: 2012-09-22
Good afternoon all,

I am have a strange problem with one of my file servers. I cannot access the shared folders on Data2 from either of my DC's. Those shares are replicated  through DFS to Data4 where I can access them from the DC's. Data4 is in a branch office.  All of the times are sycronized. Permissions seem to be fine. My concern is I am having some users now having problems accessing these shares. As you can see I can access them if I use the internal IP address of Data2

C:\Users\rxxxxxxx>net view \\data2
System error 5 has occurred.

Access is denied.

C:\Users\rxxxxxxx>net view \\
Shared resources at \\

Share name   Type  Used as  Comment

Backup       Disk           Backup
corp         Disk
Group_data   Disk
Public_data  Disk
UserData     Disk
The command completed successfully.

Thanks in advance!!
Question by:mgraft
    LVL 25

    Expert Comment

    That sounds like a DNS issue if you can access by IP and not name.

    Author Comment

    I can ping the server by name from the DC's

    Author Comment

    Found this in the logs of DC1:
    Log Name:      System
    Source:        Microsoft-Windows-Security-Kerberos
    Date:          9/14/2012 3:51:22 PM
    Event ID:      4
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server data2$. The target name used was cifs/DATA2. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (xxO.xxxxxxxM.COM) is different from the client domain (xxO.xxxxxxxAM.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
    Event Xml:
    <Event xmlns="">
        <Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
        <EventID Qualifiers="16384">4</EventID>
        <TimeCreated SystemTime="2012-09-14T19:51:22.000Z" />
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Security />
        <Data Name="Server">data2$</Data>
        <Data Name="TargetRealm">xxxxxxxxxxx</Data>
        <Data Name="Targetname">cifs/DATA2</Data>
        <Data Name="ClientRealm">xxxxxxxCOM</Data>

    Author Comment

    Anybody know how to resolve this Kerberos error. I did not set this domain up, just assigned to fix it.
    LVL 25

    Expert Comment


    Author Comment

    I am checking those now.  So far a no go.

    Accepted Solution

    I used Netdom to reset machine account password and it seemed to work. I am going to keep an eye on the logs before I do the other DC.

    Author Closing Comment

    Found my own solution

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
    Know what services you can and cannot, should and should not combine on your server.
    This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
    With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

    730 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now