Hey Laura,

this is the strange DC error guy...unfortunately.

This DC existed for about 4 months. I did a parralle upgrade to 2003 with a
new box and promoting it into a windows 2000 domain using adprep /forestprep
and adprep /domainprep:gprep.

There has never been use of duplicate names.

this DC was never restored from a backup.

there never has been a duplicate name for any member servers nor have their
been any backup restores...

I'm able to update DNS registration from this maindc now, because i needed
to enable the DHCP client service on the machine.

I've tried the following from the problmatic DC:

net stop kdc

purge kerberos ticket cache using kerbtray

reset pwd using netdom

net start kdc

reboot

but i continue to get Replication access denied from one DC to all three of
my DC's.

I've tried the same as above from a second DC without removing the ticket
cahce, but still get the same errors from the phmaindc1 DC.



All other DC's replicate with this DC just fine.

i've checked the zones through dnscmd and made sure they are alike with
regard to zone type.dnscmd /enumzones

C:\>dnscmd /enumzones
Enumerated zone list:

       Zone count = 5

Zone name                      Type       Storage         Properties

.                              Cache      AD-Domain
168.192.in-addr.arpa           Primary    AD-Domain       Update Rev Aging
31.168.192.in-addr.arpa        Secondary  File            Rev
jacwf.phippsny.org             Secondary  File
phippsny.org                   Primary    AD-Domain       Update Aging

Command completed successfully.

above is PHMAINDC1

Below is PHPRINT1

C:\>dnscmd /enumzones
Enumerated zone list:

       Zone count = 5

Zone name                      Type       Storage         Properties

.                              Cache      AD-Domain
168.192.in-addr.arpa           Primary    AD-Domain       Update Rev Aging
31.168.192.in-addr.arpa        Secondary  File            Rev
jacwf.phippsny.org             Secondary  File
phippsny.org                   Primary    AD-Domain       Update Aging

Command completed successfully.



=\

i'm stuck.



On 11/16/06, Laura A. Robinson <[EMAIL PROTECTED]> wrote:

 Is this the same set of machines that are being talked about in the
"strange DC error" thread? I don't remember who it was who originated that
one and I want to make sure I'm not asking for something you've already
provided.

So, if the answer to the above is "no", my next question is, can you
provide a little more information about the environment? How long has this
DC existed as a DC? Was there ever another DC with the same name? Was this
DC at any point restored from a backup? Has it been consistently connected
to the network? How about the member server- same questions as the DC
questions.

Thanks,

Laura

 ------------------------------
*From:* [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] *On Behalf Of *hboogz
*Sent:* Thursday, November 16, 2006 12 <javascript:void(0)>:09 PM
*To:* [email protected]
*Subject:* [ActiveDir] Kerberos is Killing Me!


I am having continued issues with Kerberos. I tried running tokensz
against the problem server and i get this error message..

C:\Tools>tokensz /compute_tokensize /package:negotiate /use_delegation
/target_s
erver:host/phmaindc1

Name: Negotiate Comment: Microsoft Package Negotiator
Current PackageInfo->MaxToken: 12128

Asked for delegate, but didn't get it.
Check if server is trusted for delegation.

QueryKeyInfo:
Signature algorithm =
Encrypt algorithm = RSADSI RC4
KeySize = 128
Flags = 2001c
Signature Algorithm = -138
Encrypt Algorithm = 26625
QueryContextAttributes (lifespan): Status = 
2148074242<javascript:void(0)>0x80090302 SEC_E_NOT_SUPP
ORTED


any ideas ?

I keep getting the following event log message on a domain controller
which prevents users from accessing it and authenticating to it.

Event Type:    Error
Event Source:    Kerberos
Event Category:    None
Event ID:    4
Date:        11/16/2006
Time:        12:02:37 PM
User:        N/A
Computer:    PHMAINDC1
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/phmaindc1.phippsny.org.  The target name used was host/phprint1. This
indicates that the password used to encrypt the kerberos service ticket is
different than that on the target server. Commonly, this is due to
identically named  machine accounts in the target realm ( PHIPPSNY.ORG),
and the client realm.   Please contact your system administrator.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


Help!



--
HBooGz:\>




--
HBooGz:\>

Reply via email to