Re: Kerberos errors after swapping domain controller IPs
- From: Nick Domukhovsky <ndomukhovsky@xxxxx>
- Date: Fri, 20 Apr 2007 11:55:40 +0600
I have four domain controllers in my domain - 2 older dcs and 2 newer dcs.
The two older dcs were the DNS and WINS servers that all network devices were
pointed to. I moved the IP addresses from the older two dcs to the newer two
dcs so all network devices would not have to be repointed. The older dcs
were reassigned new IPs. I made sure DNS and WINS showed all the updated IPs
at the end of this process.
This process went well except that now I see Kerberos errors on multiple
servers in my domain. I am not seeing any problems - just the error messages.
Error message:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/NEW SERVER. The target name used was ldap/OLD SERVER. This indicates
that the password used to encrypt the kerberos service ticket is different
than that on the target server. Commonly, this is due to identically named
machine accounts in the target realm (DOMAIN), and the client realm. Please
contact your system administrator.
Please help if you have seen this and know of a fix. I am not sure if this
is a real problem or not.
Thanks.

Check name resolution on problematic servers. Maybe there are some
hosts entries or simply you have old IPs cached.
And you should purge all Kerberos tickets (for example, with "klist
purge" command, klist utility can be obtained from Resource Kit package).
--
With best regards
Nickolay Domukhovsky, MCSA
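
The hosts-file check suggested in the reply can be done mechanically. The following is an added example, not part of the original post: it flags hosts entries that pin a DC name to an address it no longer owns and shows which DC owns that address now, which is the mismatch behind KRB_AP_ERR_MODIFIED (ticket requested for ldap/OLD SERVER, answered by host/NEW SERVER). All host names and addresses are constructed, and the `CURRENT` map is assumed to be filled from authoritative DNS.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are illustrative only.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
10.0.0.10      olddc1.example.local olddc1   # pinned before the IP swap
10.0.0.21      NEWDC1.example.local
bogus line here
"""
# Assumption: name -> address as authoritative DNS reports it after the swap.
CURRENT = {
    "olddc1.example.local": "10.0.0.30",
    "newdc1.example.local": "10.0.0.10",
}

def parse_hosts(text):
    """Yield (ip, name) pairs from hosts-file text; skip comments and bad lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def stale_entries(hosts_text, current):
    """Return (name, pinned_ip, expected_ip, current_owner_of_pinned_ip) tuples.

    A non-None owner means the client asks for a ticket for `name` but
    connects to a different machine account, whose key cannot decrypt it.
    """
    by_short = {n.split(".")[0]: ip for n, ip in current.items()}
    owner = {ip: n for n, ip in current.items()}
    findings = []
    for ip, name in parse_hosts(hosts_text):
        # FQDNs must match exactly; bare names match a DC's first label.
        expected = current.get(name) if "." in name else by_short.get(name)
        if expected and expected != ip:
            findings.append((name, ip, expected, owner.get(ip)))
    return findings

if __name__ == "__main__":
    for name, pinned, expected, now in stale_entries(SAMPLE_HOSTS, CURRENT):
        print(f"{name}: hosts says {pinned}, DNS says {expected}, "
              f"{pinned} now belongs to {now or 'no known DC'}")
```

After removing any entries it reports, the cached names and tickets still have to be cleared on that machine, as the reply says.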