RE: Critical Errors in System Log
- From: v-chacez@xxxxxxxxxxxxx (chace zhang)
- Date: Fri, 30 Jun 2006 07:17:16 GMT
HI Noone,
Thanks for you posting back.
I'm glad to hear the info was useful. If you have any other concern, please
do not hesitate to let me know.
I look forward to working with you in this Newsgroup
Have a nice day!
Best Regards,
Chace Zhang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| X-Tomcat-ID: 99932037
| References: <#in0BBXmGHA.3732@xxxxxxxxxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain
| Content-Transfer-Encoding: 7bit
| From: v-chacez@xxxxxxxxxxxxx (chace zhang)
| Organization: Microsoft
| Date: Tue, 27 Jun 2006 06:49:23 GMT
| Subject: RE: Critical Errors in System Log
| X-Tomcat-NG: microsoft.public.windows.server.sbs
| Message-ID: <MjRmUXbmGHA.4928@xxxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Lines: 123
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:277627
| NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
|
| Hi Noone,
|
| Thanks for posting here!
|
| From the post, I understand that you receive the following Kerberos error
| on Small Business Server 2003 domain controllers:
|
| ------------------------------------------------------------
| EventID: 4 Source: Kerberos
|
| The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
| host/exchange.domain.local. The target name used was
| cifs/server.domain.local. This indicates that the password used to
encrypt
| the kerberos service ticket is different than that on the target server.
| Commonly, this is due to identically named machine accounts in the target
| realm (DOMAIN.LOCAL), and the client realm. Please contact your system
| administrator.
| ------------------------------------------------------------
|
| If I have misunderstood your concern, please let me know.
|
| Below is the explanation about the Kerberos error:
| ============================
|
| The Kerberos Error 4 error "KRB_AP_ERR_MODIFIED" was added in XP and
| Windows 2003 in response to issues around Kerberos failures seen in the
| field. In short this error indicates that the ticket was encrypted with
a
| password which is different than the password currently on the target
| server.
|
| This issue may occur if:
| ===================
|
| 1. DHCP allocated recently released addresses to clients requesting an
| address. In this circumstance the client will obtain the recently
released
| ip address and update its host record on the DNS server. If Server
queries
| a dns server for the clients address and is returned the ip address that
| was just assigned to another client. This generates the error because the
| new client is not able to decrypt its part of the kerberos ticket.
| Generally, this will occur if DHCP scope is running out. If that is the
| case, you need to increase the DHCP scope.
|
| 2. WINS / DNS mis-configuration. The name of the target server is
| mistakenly resolved to a different machine.
|
| 3. Service mis-configuration such as incorrect SPN registration.
|
| 4. Corrupted Secure Channel between computers.
|
| 5. Service is running on a cluster which isn't configured to use
Kerberos.
| If there is no Cluster configured, you can ignore this.
|
|
| Therefore, I suggest that we do the following:
| ===================
|
| 1. Check the DHCP Server to make sure that there are enough free IP
| addresses in the DHCP scope.
|
| 2. Open the DNS console on the DC. Open the Forward Lookup zone, expand
the
| dns domain. Check if there is an A record for each of the domain
| controller. if there is, delete it. Then, re-register the A record by
| running the command: ipconfig /registerdns
|
| 3. Open the DNS console, check the forward lookup zone to make sure that
| there is no two records pointing to a same IP address. If there is an A
| record for server.domain.local, please delete it.
|
| 4. Open Wins Management console, expand [Server name]\Active
Registrations,
| right click the Active Registrations, select Display Records, in Record
| Owners tab, select All the owners and then click Find Now. Check the WINS
| database to make sure that there is no two records pointing to the same
IP
| address and there is no a record for the removed machine "server".
|
|
| Hope the information above is helpful. I'm standing by for an update from
| you and if you have any other concerns, please do not hesitate to let me
| know.
|
| Have a nice day!
|
|
| Best Regards,
|
| Chace Zhang (MSFT)
|
| Microsoft CSS Online Newsgroup Support
|
| Get Secure! - www.microsoft.com/security
|
| =====================================================
| This newsgroup only focuses on SBS technical issues. If you have issues
| regarding other Microsoft products, you'd better post in the
corresponding
| newsgroups so that they can be resolved in an efficient and timely
manner.
| You can locate the newsgroup here:
| http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
|
| When opening a new thread via the web interface, we recommend you check
the
| "Notify me of replies" box to receive e-mail notifications when there are
| any updates in your thread. When responding to posts via your newsreader,
| please "Reply to Group" so that others may learn and benefit from your
| issue.
|
| Microsoft engineers can only focus on one issue per thread. Although we
| provide other information for your reference, we recommend you post
| different incidents in different threads to keep the thread clean. In
doing
| so, it will ensure your issues are resolved in a timely manner.
|
| For urgent issues, you may want to contact Microsoft CSS directly. Please
| check http://support.microsoft.com for regional support phone numbers.
|
| Any input or comments in this thread are highly appreciated.
|
| =====================================================
|
| This posting is provided "AS IS" with no warranties, and confers no
rights.
|
|
.
- References:
- Critical Errors in System Log
- From: Mark Gibbons
- RE: Critical Errors in System Log
- From: chace zhang
- Critical Errors in System Log
- Prev by Date: RE: Retrieving emails
- Next by Date: RE: dsquery
- Previous by thread: Re: Critical Errors in System Log
- Next by thread: 1 notebook, multiple business SBS domains - Best practice?
- Index(es):
Relevant Pages
|
