Is this the same set of machines that are being talked about in the "strange DC error" thread? I don't remember who it was who originated that one and I want to make sure I'm not asking for something you've already provided. So, if the answer to the above is "no", my next question is, can you provide a little more information about the environment? How long has this DC existed as a DC? Was there ever another DC with the same name? Was this DC at any point restored from a backup? Has it been consistently connected to the network? How about the member server- same questions as the DC questions. Thanks, Laura
_____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of hboogz Sent: Thursday, November 16, 2006 12:09 PM To: [email protected] Subject: [ActiveDir] Kerberos is Killing Me! I am having continued issues with Kerberos. I tried running tokensz against the problem server and i get this error message.. C:\Tools>tokensz /compute_tokensize /package:negotiate /use_delegation /target_s erver:host/phmaindc1 Name: Negotiate Comment: Microsoft Package Negotiator Current PackageInfo->MaxToken: 12128 Asked for delegate, but didn't get it. Check if server is trusted for delegation. QueryKeyInfo: Signature algorithm = Encrypt algorithm = RSADSI RC4 KeySize = 128 Flags = 2001c Signature Algorithm = -138 Encrypt Algorithm = 26625 QueryContextAttributes (lifespan): Status = 2148074242 0x80090302 SEC_E_NOT_SUPP ORTED any ideas ? I keep getting the following event log message on a domain controller which prevents users from accessing it and authenticating to it. Event Type: Error Event Source: Kerberos Event Category: None Event ID: 4 Date: 11/16/2006 Time: 12:02:37 PM User: N/A Computer: PHMAINDC1 Description: The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/phmaindc1.phippsny.org. The target name used was host/phprint1. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm ( PHIPPSNY.ORG), and the client realm. Please contact your system administrator. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Help! -- HBooGz:\>
