KB 230476 explains that this indicates that the server was unable to
decrypt the ticket sent by the client.
230476 Description of Common Kerberos-Related Errors in Windows 2000
http://support.microsoft.com/?id=230476
This could be the result of duplicate machine names on the network and the
response is going to the wrong machine, or the DC could be multi-homed and
it is responding on the wrong network adapter.
If the error indicates a service principal name (spn) then make sure that
spn is registered on the DC. You can use the setspn utility from the
Windows 2000 Support Tools to register an spn.
David Pharr, (e-mail address removed)
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: "Alberto" <
[email protected]>
| Sender: "Alberto" <
[email protected]>
| Subject: Kerberos Error Id4
| Date: Wed, 12 Nov 2003 07:12:15 -0800
| Lines: 13
| Message-ID: <
[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcOpL1tDrByku5AjS9euIA3oJgrFTQ==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.win2000.active_directory
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.active_directory:55993
| NNTP-Posting-Host: TK2MSFTNGXA08 10.40.1.160
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| The Kerberos client received a KRB_AP_ERR_MODIFIED error
| from the server. etc.
|
| This message appears into the event viewer when I log on
| in Domain Windows 2000 Server
|
| Client Windows XP Professional.
|
| ID Event: 4
|
|
|
|
|
