I need to be able to find the SPN as the dsquery given didn't work for me.
the host name without the dns suffix -- netbios name is phmaindc1 on top the issues i have now, replication from phmaindc1 doesn't work to the other dc's, but when i run a repadmin /showreps from the other domain contollers, replication TO phmaindc1 reports successfully. i don't have identically named hosts, never did but it sounds like it could be the issue. DNS is setup as AD-INT right now on all servers, reverse and forward zones. I need insight on how to find duplicate SPN's. On 11/16/06, Al Mulnick <[EMAIL PROTECTED]> wrote:
Do you have identically named hosts? Maybe nic teaming gone wrong? Clustering? Strange DNS? What exactly is the hostname supposed to be? host/phprint1? That's not the same as the host name you're reporting from (SPN?) Al On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote: > > > I am having continued issues with Kerberos. I tried running tokensz > against the problem server and i get this error message.. > > C:\Tools>tokensz /compute_tokensize /package:negotiate /use_delegation > /target_s > erver:host/phmaindc1 > > Name: Negotiate Comment: Microsoft Package Negotiator > Current PackageInfo->MaxToken: 12128 > > Asked for delegate, but didn't get it. > Check if server is trusted for delegation. > > QueryKeyInfo: > Signature algorithm = > Encrypt algorithm = RSADSI RC4 > KeySize = 128 > Flags = 2001c > Signature Algorithm = -138 > Encrypt Algorithm = 26625 > QueryContextAttributes (lifespan): Status = 2148074242<javascript:void(0)>0x80090302 SEC_E_NOT_SUPP > ORTED > > > any ideas ? > > I keep getting the following event log message on a domain controller > which prevents users from accessing it and authenticating to it. > > Event Type: Error > Event Source: Kerberos > Event Category: None > Event ID: 4 > Date: 11/16/2006 > Time: 12:02:37 PM > User: N/A > Computer: PHMAINDC1 > Description: > The kerberos client received a KRB_AP_ERR_MODIFIED error from the server > host/phmaindc1.phippsny.org. The target name used was host/phprint1. This > indicates that the password used to encrypt the kerberos service ticket is > different than that on the target server. Commonly, this is due to > identically named machine accounts in the target realm ( PHIPPSNY.ORG), > and the client realm. Please contact your system administrator. > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > > Help! > > > > -- > HBooGz:\>
-- HBooGz:\>
