Inonino
2010-02-09 19:47:16 UTC
We have various branches connected to our main branch, but one of the
domain controller from one of the small branches is having issue and
is not replicating with DCs in the main office. It is also generating
the event ID #4:
"The kerberos client received a KRB_AP_ERR_MODIFIED error from the
server host/name_host.domainname.local. The target name used was host2/
name.host.domainname.local. This indicates that the password used to
encrypt the kerberos service ticket is different than that on the
target server. Commonly, this is due to identically named server
accounts in the target realm (%2), and the client realm (%4). Please
contact your system administrator."
Any idea what would be the best solution for our problem or what we
need to fix?
Below is the result I am getting when I run the the "dcdiag"
command:
Computer Name: Hostname
DNS Host Name: hostname.domainname.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : MyServerHostName
IP Address . . . . . . . . : 132.X.X.X
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 132.X.X.X
Dns Servers. . . . . . . . : 132.X.X.X
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{86E69554-BF1F-420C-8B5A-A6E8473FF1AA}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00>
'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS host name 'hostname.domainname.local' valid only
on Windows
DNS Servers. [DNS_ERROR_NON_RFC_NAME]
PASS - All the DNS entries for DC are registered on DNS server
'132.X.X.X' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{86E69554-BF1F-420C-8B5A-A6E8473FF1AA}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{86E69554-BF1F-420C-8B5A-A6E8473FF1AA}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
Secure channel for domain 'DomainName' is to '\
\hostname_ho.domainname.local'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC
'hostname_ho.domainname.local'.
[WARNING] Failed to query SPN registration on DC
'hostname_ho.domainname.local'.
[WARNING] Failed to query SPN registration on DC
'hostname_ho.domainname.local'.
[WARNING] Failed to query SPN registration on DC
'hostname_ho.domainname.local'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed
information
The command completed successfully
domain controller from one of the small branches is having issue and
is not replicating with DCs in the main office. It is also generating
the event ID #4:
"The kerberos client received a KRB_AP_ERR_MODIFIED error from the
server host/name_host.domainname.local. The target name used was host2/
name.host.domainname.local. This indicates that the password used to
encrypt the kerberos service ticket is different than that on the
target server. Commonly, this is due to identically named server
accounts in the target realm (%2), and the client realm (%4). Please
contact your system administrator."
Any idea what would be the best solution for our problem or what we
need to fix?
Below is the result I am getting when I run the the "dcdiag"
command:
Computer Name: Hostname
DNS Host Name: hostname.domainname.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
List of installed hotfixes :
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : MyServerHostName
IP Address . . . . . . . . : 132.X.X.X
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 132.X.X.X
Dns Servers. . . . . . . . : 132.X.X.X
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{86E69554-BF1F-420C-8B5A-A6E8473FF1AA}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00>
'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
[WARNING] The DNS host name 'hostname.domainname.local' valid only
on Windows
DNS Servers. [DNS_ERROR_NON_RFC_NAME]
PASS - All the DNS entries for DC are registered on DNS server
'132.X.X.X' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{86E69554-BF1F-420C-8B5A-A6E8473FF1AA}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{86E69554-BF1F-420C-8B5A-A6E8473FF1AA}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
Secure channel for domain 'DomainName' is to '\
\hostname_ho.domainname.local'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC
'hostname_ho.domainname.local'.
[WARNING] Failed to query SPN registration on DC
'hostname_ho.domainname.local'.
[WARNING] Failed to query SPN registration on DC
'hostname_ho.domainname.local'.
[WARNING] Failed to query SPN registration on DC
'hostname_ho.domainname.local'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed
information
The command completed successfully