[ActiveDir] KRB_AP_ERR_MODIFIED error

[Rich Milburn]

AD 2003, 2003 domain mode, 2000 forest mode I just installed SMS 2003 and started seeing the following on the SMS server (running W2K3).  I am trying to chase this down but the stuff I’m finding online is not helpful.  I have a large (over 50) number of errors like the following on the SMS server in the System log: Event Type:   Error Event Source:          Kerberos Event Category:       None Event ID:       4 Date:            2/17/2004 Time:            8:22:12 AM User:            N/A Computer:     AIISMS Description: The kerberos client received a KRB_AP_ERR_MODIFIED error from the server REM4649XP$.  The target name used was cifs/REM4724.CORPORATE.DOMAIN. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (CORPORATE.DOMAIN), and the client realm.   Please contact your system administrator.  (that’s me, thanks a lot)   Well, there would have to be an awful lot of “identically named computers” on our network if that is the case, and they were fine before SMS… but it seems strange they are showing a different FQDN than the server name shown – which is not a server but a workstation (not that it cares here I think).  I don’t know enough about Kerberos to know if that is important, but I have printed out the RFC.  Fun.  Anyone know anything about this error?  Hint – I’m pretty certain the answer is not to re-add all those workstations to the domain….   Thanks   Rich     Rich Milburn MS MVP – Directory Services MCSE NT4/2000         -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system.