Hey Laura,
this is the strange DC error guy...unfortunately.
This DC existed for about 4 months. I did a parralle upgrade to 2003 with a
new box and promoting it into a windows 2000 domain using adprep /forestprep
and adprep /domainprep:gprep.
There has never been use of duplicate names.
this DC was never restored from a backup.
there never has been a duplicate name for any member servers nor have their
been any backup restores...
I'm able to update DNS registration from this maindc now, because i needed
to enable the DHCP client service on the machine.
I've tried the following from the problmatic DC:
net stop kdc
purge kerberos ticket cache using kerbtray
reset pwd using netdom
net start kdc
reboot
but i continue to get Replication access denied from one DC to all three of
my DC's.
I've tried the same as above from a second DC without removing the ticket
cahce, but still get the same errors from the phmaindc1 DC.
All other DC's replicate with this DC just fine.
i've checked the zones through dnscmd and made sure they are alike with
regard to zone type.dnscmd /enumzones
C:\>dnscmd /enumzones
Enumerated zone list:
Zone count = 5
Zone name Type Storage Properties
. Cache AD-Domain
168.192.in-addr.arpa Primary AD-Domain Update Rev Aging
31.168.192.in-addr.arpa Secondary File Rev
jacwf.phippsny.org Secondary File
phippsny.org Primary AD-Domain Update Aging
Command completed successfully.
above is PHMAINDC1
Below is PHPRINT1
C:\>dnscmd /enumzones
Enumerated zone list:
Zone count = 5
Zone name Type Storage Properties
. Cache AD-Domain
168.192.in-addr.arpa Primary AD-Domain Update Rev Aging
31.168.192.in-addr.arpa Secondary File Rev
jacwf.phippsny.org Secondary File
phippsny.org Primary AD-Domain Update Aging
Command completed successfully.
=\
i'm stuck.
On 11/16/06, Laura A. Robinson <[EMAIL PROTECTED]> wrote:
Is this the same set of machines that are being talked about in the
"strange DC error" thread? I don't remember who it was who originated that
one and I want to make sure I'm not asking for something you've already
provided.
So, if the answer to the above is "no", my next question is, can you
provide a little more information about the environment? How long has this
DC existed as a DC? Was there ever another DC with the same name? Was this
DC at any point restored from a backup? Has it been consistently connected
to the network? How about the member server- same questions as the DC
questions.
Thanks,
Laura
------------------------------
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *hboogz
*Sent:* Thursday, November 16, 2006 12 <javascript:void(0)>:09 PM
*To:* [email protected]
*Subject:* [ActiveDir] Kerberos is Killing Me!
I am having continued issues with Kerberos. I tried running tokensz
against the problem server and i get this error message..
C:\Tools>tokensz /compute_tokensize /package:negotiate /use_delegation
/target_s
erver:host/phmaindc1
Name: Negotiate Comment: Microsoft Package Negotiator
Current PackageInfo->MaxToken: 12128
Asked for delegate, but didn't get it.
Check if server is trusted for delegation.
QueryKeyInfo:
Signature algorithm =
Encrypt algorithm = RSADSI RC4
KeySize = 128
Flags = 2001c
Signature Algorithm = -138
Encrypt Algorithm = 26625
QueryContextAttributes (lifespan): Status =
2148074242<javascript:void(0)>0x80090302 SEC_E_NOT_SUPP
ORTED
any ideas ?
I keep getting the following event log message on a domain controller
which prevents users from accessing it and authenticating to it.
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 11/16/2006
Time: 12:02:37 PM
User: N/A
Computer: PHMAINDC1
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/phmaindc1.phippsny.org. The target name used was host/phprint1. This
indicates that the password used to encrypt the kerberos service ticket is
different than that on the target server. Commonly, this is due to
identically named machine accounts in the target realm ( PHIPPSNY.ORG),
and the client realm. Please contact your system administrator.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Help!
--
HBooGz:\>
--
HBooGz:\>
