• Status: Solved
  • Priority: Medium
  • Security: Public

Server lost communication with domain

For some reason the server lost connectivity with the domain. Ran dcdiag and it came up with a Kerberos error. Can log in locally only. No \\servername\c$ or share.

An error event occurred.  EventID: 0x40000004
             Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server hostname$. The target name used was cifs/hostname.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
1 Solution
Please check your DNS and also your time, date and timezone. How many domain controllers do you have?
Have you checked for a virus etc?
Tiras25 (Author) Commented:
2 DCs. I was able to run netdom resetpwd /s:servername /ud:domainname\Username /pd:password

Does anyone know why it would happen?
Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
Sounds like either the time difference between the two systems is greater than 5 minutes or there are DNS issues.
Sandeshdubey (Senior Server Engineer) Commented:
The error message indicates that the secure channel is broken. If it is a DC then you need to follow this: http://sandeshdubey.wordpress.com/2011/10/02/secure-channel-between-the-dcs-broken/

If the server in question is a domain member server then you need to perform a rejoin operation.
Also ensure correct DNS settings on the DC/clients and this: http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

See this similar thread:

Kerberos Event ID 4 (KRB_AP_ERR_Modified)
Tiras25 (Author) Commented:
The netdom command helped reset the computer account in AD.
Question has a verified solution.
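
The checks suggested in this thread (DNS, time skew, secure channel, SPN registration) can be run in one pass before resetting anything. The following is an added example, not code posted by any participant; `domain.com` and `cifs/hostname.domain.com` are the placeholder names from the event text above and must be replaced with real values.

```powershell
# Run in an elevated PowerShell session on the affected member server.
# Placeholder values taken from the event text; replace with your own.
$Domain = 'domain.com'
$Spn    = 'cifs/hostname.domain.com'

# 1. DNS: the server must find domain controllers through the SRV records.
$dcRecords = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV |
    Where-Object { $_.NameTarget }
$dcRecords | Select-Object NameTarget, Port
$Dc = ($dcRecords | Select-Object -First 1).NameTarget

# 2. Time: Kerberos rejects tickets when clocks differ by more than
#    5 minutes (the default tolerance). Offsets are printed in seconds.
w32tm /stripchart /computer:$Dc /samples:3 /dataonly

# 3. Secure channel: $false means the machine account password stored
#    locally no longer matches the one Active Directory holds.
$channelOk = Test-ComputerSecureChannel -Server $Dc
"Secure channel healthy: $channelOk"
nltest /sc_verify:$Domain

# 4. SPN: the target name must be registered on exactly one account.
#    These queries need domain credentials, so run them from a DC or
#    another working domain member if this server cannot authenticate.
setspn -Q $Spn     # which account holds the SPN
setspn -X          # list duplicate SPNs in the domain

# 5. Repair only when step 3 reported a broken channel. This resets the
#    machine account password on both sides, the same effect as the
#    netdom resetpwd command used in the thread.
if (-not $channelOk) {
    $cred = Get-Credential -Message 'Domain account allowed to reset the computer account'
    Test-ComputerSecureChannel -Repair -Server $Dc -Credential $cred
}
```

If steps 1 and 2 fail, fix DNS or time first; resetting the machine password will not help while the server cannot reach or agree on time with a domain controller.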