KRB_AP_ERR_MODIFIED error
Paul Martin
pnm2 at kent.ac.uk
Fri Nov 21 12:53:18 EST 2003
Hi, I've noticed in the event logs of a number of machines in my domain that
they have the error message:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
SPRINGFIELD$. This indicates that the password used to encrypt the kerberos
service ticket is different than that on the target server. Commonly,
this is due to identically named machine accounts in the target realm
(******.***.ac.uk), and the client realm. Please contact your system
administrator.
However, only one machine is affected. This machine is fine to start up and
log in, the user then usually has full functionality. However, after a
period of time when the user tries to access files on the main Domain
Controller they are given an error message saying that they do not have
access. They are then not able to browse the shared files at all on the DC.
When the user attempts to shut down it tells them that it is not possible to
save their roaming profile and then shuts down. When the computer restarts
they are able to log back in again normally and access resources on the DC.
THE USER IS STILL ABLE TO ACCESS ALL OTHER MACHINES AND TO PING ALL
MACHINES. STRANGE!
Back in March the main DC failed and there was no backup of the system state
data in place at the time, therefore the users files were restored and the
settings set up again from scratch. However the mistake was made at the time
of renaming the server back to the same name that it had before the crash,
this was Windu. This caused numerous problems because the server had the
same name but a different SID( is that what its called???). Therefore at the
end of August I reloaded the server again and renamed it something
different. This solved many of the problems however I believe this is when
the current problem started. Could it be to do with the Kerberos passwords
being stored on the original configuration and then were lost?? PLEASE HELP!
Many Thanks in anticipation.
Paul Martin
More information about the Kerberos
mailing list