Re: Kerberos errors after swapping domain controller IPs




Hi
I'm not sure if Al agrees, but you can try to stop the KDC service on all
the DCs and reset the secure channel on each DC using the netdom command.

After resetting the secure channel password, you can reboot the server.
Repeat the process on the remaining DCs. Turn the KDC back on.

--
I hope that the information above helps you.
Have a Nice day.

Jorge Silva
MCSE, MVP Directory Services

--------------------------------------------------

"Frank" <Frank@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:012FD5F3-02B3-47CB-9777-03AD15203308@xxxxxxxxxxxxxxxx
I have four domain controllers in my domain - 2 older dcs and 2 newer dcs.
The two older dcs were the DNS and WINS servers that all network devices
were pointed to. I moved the IP addresses from the older two dcs to the
newer two dcs so all network devices would not have to be repointed. The
older dcs were reassigned new IPs. I made sure DNS and WINS showed all the
updated IPs at the end of this process.

This process went well except that now I see Kerberos errors on multiple
servers in my domain. I am not seeing any problems - just the error
messages.

Error message:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/NEW SERVER. The target name used was ldap/OLD SERVER. This indicates
that the password used to encrypt the kerberos service ticket is different
than that on the target server. Commonly, this is due to identically named
machine accounts in the target realm (DOMAIN), and the client realm.
Please contact your system administrator.

Please help if you have seen this and know of a fix. I am not sure if
this is a real problem or not.

Thanks.
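
Added example, not part of the original thread: a small triage script that parses events worded like the error quoted above and separates those where the responding server differs from the host named in the target SPN (as in the quoted event) from those where the named host itself answered. The host names, the sample events and the two verdict labels are constructed for illustration; reading a host mismatch as "the client reached a different machine than the SPN names" is this example's interpretation.

```python
import re
from collections import Counter

# Event wording taken from the error quoted in the thread.
EVENT_RE = re.compile(
    r"KRB_AP_ERR_MODIFIED error from the server (?P<responder>.+?)\. "
    r"The target name used was (?P<target>.+?)\. This indicates",
    re.IGNORECASE,
)

def host_of(principal):
    """Reduce 'ldap/dc1.example.local', 'DOM\\DC1$' or 'DC1$@REALM' to 'dc1'."""
    name = principal.split("@")[0].split("\\")[-1]
    parts = name.split("/")
    host = parts[1] if len(parts) > 1 else parts[0]
    return host.split(".")[0].rstrip("$").strip().lower()

def classify(event_text):
    """Return responder, target and a triage verdict, or None if not this error."""
    flat = " ".join(event_text.split())  # undo line wrapping in exported logs
    m = EVENT_RE.search(flat)
    if m is None:
        return None
    responder, target = host_of(m["responder"]), host_of(m["target"])
    # Different hosts: the ticket issued for `target` was presented to `responder`.
    # Same host: the named machine answered but could not decrypt the ticket.
    verdict = "wrong-host" if responder != target else "key-mismatch"
    return {"responder": responder, "target": target, "verdict": verdict}

def summarize(events):
    """Count events per (responder, target, verdict), skipping unrelated text."""
    results = filter(None, map(classify, events))
    return Counter((r["responder"], r["target"], r["verdict"]) for r in results)

_HEAD = "The kerberos client received a KRB_AP_ERR_MODIFIED error from the server "
_TAIL = " This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server."
# Constructed samples; the host names are made up for illustration.
SAMPLE_EVENTS = [
    _HEAD + "host/dc-new1.example.local. The target name used was ldap/dc-old1.example.local." + _TAIL,
    _HEAD + "host/dc-new1.example.local. The target name\nused was ldap/dc-old1.example.local." + _TAIL,
    _HEAD + "FILE01$. The target name used was cifs/file01.example.local." + _TAIL,
    "Unrelated event text.",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_EVENTS).items():
        print(count, *key)
```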

