Server lost communication with domain

For some reason server lost connectivity with domain.   Ran dcdiag and came up with kerberos error.  Can login locally only. no \\servername\c$ or share.

An error event occurred.  EventID: 0x40000004
             Event String:
            The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server hostname$. The target name used was cifs/ This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain ( is different from the client domain (, check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
LVL 17
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Please check your DNS and also your time, date and timezone. How many domain controllers do you have ?
Have you checked for a virus etc?
Tiras25Author Commented:
2 DCs.  I was able to netdom resetpwd /s:servername /ud:domainname\Username /pd:password

Does anyone know why would it happen?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Sounds like either time difference between the two systems is greater than 5 minutes or there are DNS issues.
SandeshdubeySenior Server EngineerCommented:
The error message indicates that secure channel is broken.If it is DC then you need to follow this:

If the server in question is domain member server then you need to perform rejoin operation.
Also ensure correct dns setting on dc/clients and this:

See this similat thread:

Kerberos Event ID 4 (KRB_AP_ERR_Modified)
Tiras25Author Commented:
Netdom command help resetting computer account in AD.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.