The kerberos client received a KRB_AP_ERR_MODIFIED error from the server

Posted on 2015-02-11
Last Modified: 2015-02-23
Dear experts

A few days ago I could not log on to our DC or Windows 7 clients; our Windows XP clients (yes, we still have some) were unaffected. Following a reboot, the server resumed normal function. I am keen to avoid this happening again, so I have started investigating.

I have noticed the error around the time the problem started:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server

within the event log of our DC

I checked the Microsoft forums and they have the following article

http://support.microsoft.com/kb/558115/en-gb

The server in question only has one IP address

Looking deeper I saw another article suggesting that a password had been changed ....

I also noticed events of the following type

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

System
  - Provider
      [ Name]  Microsoft-Windows-GroupPolicy
      [ Guid]  {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
    EventID 1006
    Version 0
    Level 2
    Task 0
    Opcode 1
    Keywords 0x8000000000000000
  - TimeCreated
      [ SystemTime]  2015-02-04T13:11:55.867050200Z
    EventRecordID 7893
  - Correlation
      [ ActivityID]  {3CCDA29C-3372-4544-89F4-BE95630A9B46}
  - Execution
      [ ProcessID]  988
      [ ThreadID]  2460
    Channel System


I would appreciate your input

Kind regards
Question by:robbie999
3 Comments
 

Expert Comment

by:Dan McFadden
ID: 40611834
What was the event ID of the "KRB_AP_ERR_MODIFIED"? Was it event ID 4? If so, there is more detail in the KRB error event details. It should tell you what machine needs to have its Kerberos password reset.

The error you posted most likely is the result of the Kerberos error.  The details of that error are more important.

Similar problem resolution:  http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28597748.html

If it's not event ID 4, can you post the event ID of the original Kerberos event?

Dan
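The check suggested in the comment above (read the details of Kerberos event ID 4 to see which machine is involved) can be scripted. This is an added example, not code from the thread; it assumes the English event text names the account after "from the server" and the SPN after "The target name used was", and the function name and sample events are constructed for illustration.

```powershell
# Added example (not from the thread). Summarises KRB_AP_ERR_MODIFIED events by the
# server account and target name (SPN) found in the rendered message text.
# Assumption: English message layout "...error from the server <account>. The target
# name used was <SPN>." Get-KrbModifiedSummary is a hypothetical helper name.
function Get-KrbModifiedSummary {
    param([Parameter(Mandatory)] [object[]] $Events)   # need TimeCreated and Message

    $pattern = 'KRB_AP_ERR_MODIFIED error from the server (?<server>\S+)\.\s+' +
               'The target name used was (?<target>\S+)\.'

    $hits = foreach ($e in $Events) {
        if ($e.Message -match $pattern) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Server      = $Matches['server']
                TargetName  = $Matches['target']
            }
        }
    }

    # One row per (server account, SPN) pair, most frequent first.
    $hits | Group-Object Server, TargetName | ForEach-Object {
        $sorted = $_.Group | Sort-Object TimeCreated
        [pscustomobject]@{
            Server     = $sorted[0].Server
            TargetName = $sorted[0].TargetName
            Count      = $_.Count
            FirstSeen  = ($sorted | Select-Object -First 1).TimeCreated
            LastSeen   = ($sorted | Select-Object -Last 1).TimeCreated
        }
    } | Sort-Object Count -Descending
}

# Constructed sample events (host names and times are made up) so the function can be
# tried without access to a live log.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2015-02-04T13:05:00'
        Message = 'The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fs01$. The target name used was cifs/fs01.example.local. This indicates ...' }
    [pscustomobject]@{ TimeCreated = [datetime]'2015-02-04T13:11:00'
        Message = 'The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server fs01$. The target name used was cifs/fs01.example.local. This indicates ...' }
)
Get-KrbModifiedSummary -Events $sample | Format-Table -AutoSize

# Against the live System log on the affected machine:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 4;
#             ProviderName = 'Microsoft-Windows-Security-Kerberos' }
# Get-KrbModifiedSummary -Events $live
```

A single server account that dominates the output is the one whose computer account password or SPN registration should be checked first.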
 

Accepted Solution

by:robbie999
ID: 40616226
Dan, thanks for your post.

I have actually found the fix myself.

For the reference of other users: my 2012 R2 domain used to have a 2003 SBS DC.

Please see the hotfix below:

https://support.microsoft.com/kb/2989971?wa=wsignin1.0
 

Author Closing Comment

by:robbie999
ID: 40625339
I resolved the issue through my own research