Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

Event ID 4 - kerberos client received a KRB_AP_ERR_MODIFIED

Active Directory, Domain, DNS, WINS, DHCP, SBS, New Releases.

Event ID 4 - kerberos client received a KRB_AP_ERR_MODIFIED

Postby guest » Mon Mar 26, 2012 8:31 am

Q: Our 20088 DC has this error:
Product: Windows Operating System
Event ID: 4
Source: Microsoft-Windows-Security-Kerberos
Version: 6.0
Symbolic Name: KERBEVT_KRB_AP_ERR_MODIFIED
Message: The from the server %1. The target name used was %3. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named server accounts in the target realm (%2), and the client realm (%4). Please contact your system administrator.

How do you fix it?
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Re: Event ID 4 - kerberos client received a KRB_AP_ERR_MODIFIED

Postby guest » Mon Mar 26, 2012 8:32 am

Quoted from Microsoft.
Resolve
Delete an unused computer account by using Active Directory Users and Computers
A Kerberos ticket is encrypted by using the client computer account's password for the resulting encryption used on the ticket. If the computer account's password changes during the authentication process, the ticket cannot be decrypted. This can happen if a computer account was moved to a different forest and the original computer account object was not deleted. To resolve this issue, you should use Active Directory Users and Computers to delete the original computer account that is no longer used.

Note: The computer account is identified in the event log message.

To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority.

To delete a computer account by using Active Directory Users and Computers:

1.Log on to a domain controller or another computer that has the Remote Server Adminstration Tools installed.
2.Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
3.Locate the computer account in Active Directory Domain Services (AD DS).
4.Right-click the computer account, and then click Delete.
Verify
To verify that the Kerberos client is correctly configured, you should ensure that a Kerberos ticket was received from the Key Distribution Center (KDC) and cached on the local computer. You can view cached Kerberos tickets on the local computer by using the Klist command-line tool.

Note: Klist.exe is not included with Windows Vista, Windows Server 2003, Windows XP, or Windows 2000. You must download and install the Windows Server Resource Kit before you can use Klist.exe.

To view cached Kerberos tickets by using Klist:

1.Log on to the Kerberos client computer.
2.Click Start, point to All Programs, click Accessories, and then click Command Prompt.
3.Type klist tickets, and then press ENTER.
4.Verify that a cached Kerberos ticket is available.
Ensure that the Client field displays the client on which you are running Klist.
Ensure that the Server field displays the domain in which you are connecting.
5.Close the command prompt.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm


Return to Windows

Your Ad Here

Who is online

Users browsing this forum: No registered users and 5 guests