hey Laura - i did respond to your inquriy, i've actually posted a lot since then, but the answers to your questions are:
this is the strange DC error guy...unfortunately. This DC existed for about 4 months. I did a parallel upgrade to 2003 with a new box and promoting it into a windows 2000 domain using adprep /forestprep and adprep /domainprep:gprep. There has never been use of duplicate names. this DC was never restored from a backup. there never has been a duplicate name for any member servers nor have their been any backup restores... I'm able to update DNS registration from this maindc now, because i needed to enable the DHCP client service on the machine. phmaindc1 is a DC and PDCe for Domain: Phippsny.org phprint1 is a DC for Domain: phippsny.org. I managed to get replication working between phmaindc1 and all my DC's! i had to do the following from phmaindc1: net stop kdc set the startup type to Manual netdom resetpwd /s:phmaindc1 /ud:domain\administrator /pd:* reboot start the kdc and set the statup type to Automatic. i performed a repadmin /showreps and eerything is succesful and remains succusfull for now. however, i still receive the following kerberos error!!!!! Event Type: Error Event Source: Kerberos Event Category: None Event ID: 4 Date: 11/16/2006 Time: 7:51:02 PM User: N/A Computer: PHMAINDC1 Description: The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/phmaindc1.phippsny.org. The target name used was ldap/PHMAINDC1.phippsny.org/[EMAIL PROTECTED] This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (PHIPPSNY.ORG), and the client realm. Please contact your system administrator. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. And i get the following Group Policy Error: Event Type: Error Event Source: Userenv Event Category: None Event ID: 1030 Date: 11/16/2006 Time: 8:06:33 PM User: PHIPPSNY\Administrator Computer: PHMAINDC1 Description: Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Although, when i run a gpresult i get some of the GPO's applied. On 11/16/06, Laura A. Robinson <[EMAIL PROTECTED]> wrote:
1. Is phmaindc1 a DC for PHIPPSNY.ORG? 2. Is phprint1 a member of PHIPPSNY.ORG? 3. Are you able to provide any of the other information I asked about in my other response? Laura ------------------------------ *From:* [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] *On Behalf Of *hboogz *Sent:* Thursday, November 16, 2006 2:42 PM *To:* [email protected] *Subject:* Re: [ActiveDir] Kerberos is Killing Me! Thanks Michael, I ran the following command and got the following output. C:\>dsquery * (dc=phippsny,dc=org) -filter "(servicePrincipalName=host/phmaindc1)" dsquery failed:A referral was returned from the server. type dsquery /? for help. On 11/16/06, hboogz <[EMAIL PROTECTED]> wrote: > > Joe, > > how do i find out if there are any duplicate SPN's ? > > On 11/16/06, joe < [EMAIL PROTECTED]> wrote: > > > > Do you have any duplicate SPNs? Well specifically the SPNs mentioned > > in the error? > > > > -- > > O'Reilly Active Directory Third Edition - > > http://www.joeware.net/win/ad3e.htm > > > > > > > > ------------------------------ > > *From:* [EMAIL PROTECTED] [mailto: > > [EMAIL PROTECTED] *On Behalf Of *hboogz > > *Sent:* Thursday, November 16, 2006 12 :09 PM > > *To:* [email protected] > > *Subject:* [ActiveDir] Kerberos is Killing Me! > > > > > > I am having continued issues with Kerberos. I tried running tokensz > > against the problem server and i get this error message.. > > > > C:\Tools>tokensz /compute_tokensize /package:negotiate /use_delegation > > /target_s > > erver:host/phmaindc1 > > > > Name: Negotiate Comment: Microsoft Package Negotiator > > Current PackageInfo->MaxToken: 12128 > > > > Asked for delegate, but didn't get it. > > Check if server is trusted for delegation. > > > > QueryKeyInfo: > > Signature algorithm = > > Encrypt algorithm = RSADSI RC4 > > KeySize = 128 > > Flags = 2001c > > Signature Algorithm = -138 > > Encrypt Algorithm = 26625 > > QueryContextAttributes (lifespan): Status = 2148074242 0x80090302 > > SEC_E_NOT_SUPP > > ORTED > > > > > > any ideas ? > > > > I keep getting the following event log message on a domain controller > > which prevents users from accessing it and authenticating to it. > > > > Event Type: Error > > Event Source: Kerberos > > Event Category: None > > Event ID: 4 > > Date: 11/16/2006 > > Time: 12:02:37 PM > > User: N/A > > Computer: PHMAINDC1 > > Description: > > The kerberos client received a KRB_AP_ERR_MODIFIED error from the > > server host/phmaindc1.phippsny.org. The target name used was host/phprint1. > > This indicates that the password used to encrypt the kerberos service ticket > > is different than that on the target server. Commonly, this is due to > > identically named machine accounts in the target realm ( PHIPPSNY.ORG), > > and the client realm. Please contact your system administrator. > > > > For more information, see Help and Support Center at > > http://go.microsoft.com/fwlink/events.asp. > > > > > > Help! > > > > > > > > -- > > HBooGz:\> > > > > > > -- > HBooGz:\> -- HBooGz:\>
-- HBooGz:\>
