Solved

event ID 4 security-kerberos what does this mean  SBS 2011 network

Posted on 2014-01-20
8
1,573 Views
Last Modified: 2014-01-29
Can anyone help me understand what this is saying?  Rob-PC exists now.  Joe-LPTP isn't on the network - joe's laptop maybe?  I searched Rob-PC's registry for joe but came up with nothing.  Both would be members of the domain, not servers themselves.

rob-pc doesn't have a mapping to a printer or share to joe-lptp either.

The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server rob-pc$. The target name used was cifs/JOE-LPTP.contoso.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (contoso.LOCAL) is different from the client domain (contoso.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server
0
Comment
  • 5
  • 2
8 Comments
 
LVL 35

Assisted Solution

by:Cris Hanna
Cris Hanna earned 100 total points
ID: 39797156
Were the computers joined to the domain using the SBS wizard or the manual method?
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 400 total points
ID: 39798102
There is a decent TechNet Blog Post written about how to find the source of these messages:

http://blogs.technet.com/b/dcaro/archive/2013/07/04/fixing-the-security-kerberos-4-error.aspx

Jeff
TechSoEasy
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 400 total points
ID: 39798128
FYI, it's possible that the computer JOE-LPTP is running IIS Server or some other type of service which would cause this problem.  

This is why you don't generally want NON-Domain computers attached to your internal network.  If people bring their own devices, you can provide a separate subnet for those devices to operate on.  Most wireless access points offer some type of network segmentation to allow a "guest" network that only goes out to the Internet and doesn't interact with your company assets.

Jeff
TechSoEasy
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39816328
I'm curious -- what ended up being the issue?

Jeff
TechSoEasy
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39816691
not sure... haven't gotten back to this
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39816960
Then why did you accept the answers?
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39817432
EE wanted me to close out the questions and I appreciate you guys taking the time to answer and help me.  I didn't think my feet dragging should hold things up or penalize your efforts. You gave me ideas so when I get back to it, I'll have a plan of attack.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 39819276
I think you misunderstand.  EE does not want you to close out a question by selecting every comment made.  

You may get a reminder to stay involved in a question -- all that takes is to post a comment after the last Expert comment so that the system knows you have seen the Expert's responses.

See this article for more info:
http://support.experts-exchange.com/customer/portal/articles/755968-what-if-my-question-doesn%E2%80%99t-get-an-answer-

Jeff
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
create SRP/Applocker rules in GPO on DC 5 30
SBS 2007 remove AD ? 10 61
who removed AD Domain ID 9 45
Robycopy Copy Data \ Disk to Disk (new\changed data) 18 81
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question