Kerberos errors after DC upgrade



Civic
07-09-2005, 11:51 PM
We are receiving the following errors on most server system logs after we
brought up a new DC:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/ad2.dj.com. The target name used was ldap/adns1.dj.com/dj.com@dj.com.
This indicates that the password used to encrypt the kerberos service ticket
is different than that on the target server. Commonly, this is due to
identically named machine accounts in the target realm (DJ.COM), and the
client realm. Please contact your system administrator.

The error seems to re-occur every 8 hours exactly. We do not use DHCP, so we
had to use the same IP of the old DC for the new one, and confirmed that the
servers were correctly registered in DNS after the IP change and server
reboots.
Is this an error to be concerned with, or will it go away after these
servers have time to refresh their DNS information?

Fransg [MSFT]
07-09-2005, 11:51 PM
"Civic" <Civic@discussions.microsoft.com> wrote in message
news:E59E2DE0-6F0F-465A-908E-1375F202C5E2@microsoft.com...
> We are receiving the following errors on most server system logs after we
> brought up a new DC:
>
> The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
> host/ad2.dj.com. The target name used was ldap/adns1.dj.com/dj.com@dj.com.
> This indicates that the password used to encrypt the kerberos service ticket
> is different than that on the target server. Commonly, this is due to
> identically named machine accounts in the target realm (DJ.COM), and the
> client realm. Please contact your system administrator.
>
> The error seems to re-occur every 8 hours exactly. We do not use DHCP, so we
> had to use the same IP of the old DC for the new one, and confirmed that the
> servers were correctly registered in DNS after the IP change and server
> reboots.
> Is this an error to be concerned with, or will it go away after these
> servers have time to refresh their DNS information?

Hi,

Have a look at the following KB articles and try to reset the secure channel on
all DCs using Q288167.

Good luck,

--
Frans Geurtsen
PSS Security
Microsoft

This posting is provided "AS IS" with no warranties, and confers no rights.
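
A triage helper for the event quoted in this thread, added here as an example and not code from either poster or from Microsoft: it parses the event text and flags when the responding account (`host/ad2`) is a different machine from the host in the target name (`ldap/adns1`), as in the posted error. The function names and the second sample event are constructed for illustration.

```python
import re
from collections import Counter

# Matches the Kerberos client event text quoted in the thread.
EVENT_RE = re.compile(
    r"KRB_AP_ERR_MODIFIED error from the server (?P<responder>\S+?)\. "
    r"The target name used was (?P<target>\S+?)\.(?: |$)",
    re.IGNORECASE,
)

def short_name(principal):
    """Reduce 'host/ad2.dj.com', 'ad2.dj.com' or 'AD2$' to 'ad2'."""
    name = principal.lower().rstrip("$")
    if "/" in name:
        name = name.split("/")[1]
    return name.split(".")[0]

def parse_event(message):
    """Return responder, service, target host and a mismatch flag, or None."""
    m = EVENT_RE.search(" ".join(message.split()))  # undo log line wrapping
    if m is None:
        return None
    spn = m["target"].split("@")[0]          # drop the @REALM suffix
    service, _, rest = spn.partition("/")
    target_host = rest.split("/")[0]         # drop an optional /domain part
    return {
        "responder": m["responder"], "service": service, "target_host": target_host,
        "mismatch": short_name(m["responder"]) != short_name(target_host),
    }

def summarize(messages):
    """Count mismatching (responder, target) pairs across many events."""
    pairs = Counter()
    for msg in messages:
        ev = parse_event(msg)
        if ev and ev["mismatch"]:
            pairs[(short_name(ev["responder"]), short_name(ev["target_host"]))] += 1
    return pairs

# Event text as posted in the thread (first two sentences).
THREAD_EVENT = """The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/ad2.dj.com. The target name used was ldap/adns1.dj.com/dj.com@dj.com."""
# Constructed sample: target name and responder are the same machine.
SAME_HOST_EVENT = ("The kerberos client received a KRB_AP_ERR_MODIFIED error from the "
                   "server host/ad2.dj.com. The target name used was cifs/ad2.dj.com.")
if __name__ == "__main__":
    for text in (THREAD_EVENT, SAME_HOST_EVENT):
        print(parse_event(text))
```

A mismatch means a request addressed to one host name was answered by a machine running under another account, so how clients resolve the target name is worth checking alongside the secure channel.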

