Re: Kerberos error event ID:4
- From: "Adam Raff" <araff@xxxxxxxxxxxxxxxx>
- Date: Fri, 11 Apr 2008 08:52:59 -0400
1: What do you mean by normally quit. I just shut down the computer.
2: Yes they had the same IP address
Please see below with your following info
Suggestions:
1: Not Yet
2:Did this already and ran ipconfig on new system HPprintcut
3:Did this as well
4:I looked in Wins but did not see any IP or name listed
5:Next option if I have to
6: I am working on that as we write hope to have it done in two months
"David Shen [MSFT]" <v-dashen@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:nL5FEn5mIHA.4932@xxxxxxxxxxxxxxxxxxxxxxxxx
Dear Customer,
Thank you for posting in newsgroup.
According to the description, you have encountered the Kerberos error
(Event ID 4) on both of the DCs after you replaced the old computer
"flexprintserver" with the new computer "hpprintcut" in the domain. If I
have any misunderstanding, please feel free to let me know.
For troubleshooting this error, I would like to confirm some information
with you firstly.
Information Needed:
======================
1. Did you make the old computer "flexprinterserver" normally quit the
Windows 2003 domain?
2. Does the new computer and the old computer hold the same IP address?
Analysis:
================
This event will occur if you present a service ticket to a principal
(target computer) which cannot be decrypted by the target. The service
ticket is encrypted using the shared secret of the machine account's
password as a seed for the resulting encryption used on the service
ticket.
This ensures that only the KDCs (DCs) and the target principal can decrypt
the ticket. The client presents encrypted ticket it received from the KDC
to the target server. If the server can decrypt the ticket, the server
then
knows that it was encrypted by a trusted source (the DC) and the presenter
(the client) is also trusted. If shared secret (machine account password)
used to encrypt the ticket is different between the KDC and the target
machine, the ticket cannot be decrypted and the failure occurs.
Suggestions:
=============
1. Please launch "Active Directory Users and Computers" on the domain
controller, expand the domain and in the container of "Computer", please
ensure old computer account "flexprintserver" has been removed and the new
computer account "hpprintcut" exists.
2. Please verify that IP address of the new computer exists in the DNS
Server and the IP address is correctly pointed to the new server. You may
run "ipconfig /flushdns" to flush the DNS cache and then run "ipconfig
/registerdns" on the new computer "hpprintcut" to manually register the
DNS
record.
3. Please verify that the IP address of the old computer "flexprintserver"
has been removed in the DNS Server; in addition, please ensure that no
"flexprintserver" A or Alias records exist in DNS.
4. Please also perform check in WINS to ensure that no "Flexprintserver"
records exist.
5. Please check if the issue re-occurs, if possible, you may make the new
computer re-join the Windows 2003 domain.
6. I would like to suggest that you install and apply the service pack 2
for Windows Server 2003 on all the domain controllers.
Reference:
============
How to obtain the latest service pack for Windows Server 2003
http://support.microsoft.com/kb/889100
Hope all the information will be helpful.
I look forward to your reply and thank you for your time.
David Shen
Microsoft Online Partner Support
.
- References:
- Kerberos error event ID:4
- From: Adam Raff
- RE: Kerberos error event ID:4
- From: David Shen [MSFT]
- Kerberos error event ID:4
- Prev by Date: RE: Download Correct 64 bit OS Version
- Next by Date: Mapped drives and My Network Places
- Previous by thread: RE: Kerberos error event ID:4
- Next by thread: RE: Kerberos error event ID:4
- Index(es):
Relevant Pages
|
