One of my Domain Controllers started producing the following errors:
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 1/18/2008
Time: 10:52:39 AM
User: N/A
Computer: FOO
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/foo2.bar.domain.com. The target name used was LDAP/FOO2. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (BAR.DOMAIN.COM), and the client realm. Please contact your system administrator.
Replication seemed to be disabled and the server was not able to contact the FOO (foo.domain.com) domain. To correct the issue, two commands were run:
The first command identified that both inbound and outbound replication were in fact disabled:
> repadmin /options foo
Current DC Options: IS_GC DISABLE_OUTBOUND_REPL DISABLE_INBOUND_REPL
As can clearly be seen, both inbound and outbound replication are disabled. To correct this, I ran:
> repadmin /options foo -DISABLE_OUTBOUND_REPL
> repadmin /options foo -DISABLE_INBOUND_REPL
After issuing these commands, the Current DC Options had only IS_GC listed. From here, I reset the machine account passwords using netdom:
> netdom resetpwd /server:FOO /userd:BAR\myadminaccount /passwordd:*
The command completed successfully and I promptly restarted the server. Once it rebooted, the system appeared to be replicating properly and was happily accessing the domain.
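The check performed by the first command can be scripted so that disabled replication is caught before it surfaces as Kerberos errors. The following is an added example, not part of the original post: a PowerShell function that parses repadmin /options output and reports whether inbound or outbound replication is disabled. The function name Get-ReplOptionState and the sample lines are constructed for illustration.

```powershell
# Added example: report replication-disable flags from `repadmin /options <DC>` output.
function Get-ReplOptionState {
    param(
        [Parameter(Mandatory)] [string]   $DcName,
        [Parameter(Mandatory)] [string[]] $RepadminOutput
    )
    # The page shows "Current DC Options:"; "DSA" is accepted too, on the
    # assumption that other repadmin builds label the same line that way.
    $pattern = '^\s*Current (?:DC|DSA) Options:\s*(.*)$'
    $line = $RepadminOutput | Where-Object { $_ -match $pattern } | Select-Object -First 1
    if (-not $line) { throw "No options line found in output for $DcName" }

    $null  = $line -match $pattern          # repopulate $Matches for the chosen line
    $flags = @($Matches[1] -split '\s+' | Where-Object { $_ })

    [pscustomobject]@{
        DC               = $DcName
        Flags            = $flags -join ','
        InboundDisabled  = $flags -contains 'DISABLE_INBOUND_REPL'
        OutboundDisabled = $flags -contains 'DISABLE_OUTBOUND_REPL'
    }
}

# Constructed sample output: the state from the post before and after the fix.
$samples = [ordered]@{
    'foo (before)' = @('Current DC Options: IS_GC DISABLE_OUTBOUND_REPL DISABLE_INBOUND_REPL')
    'foo (after)'  = @('Current DC Options: IS_GC')
}

$report = foreach ($name in $samples.Keys) {
    Get-ReplOptionState -DcName $name -RepadminOutput $samples[$name]
}
$report | Format-Table -AutoSize

# Flag any DC where replication is administratively disabled.
$report | Where-Object { $_.InboundDisabled -or $_.OutboundDisabled } |
    ForEach-Object { Write-Warning "$($_.DC): replication disabled ($($_.Flags))" }

# Against a live DC (on a machine with repadmin installed):
#   Get-ReplOptionState -DcName foo -RepadminOutput (repadmin /options foo)
```

With the sample data, only the "before" entry produces a warning; the "after" entry shows IS_GC alone, matching the state described once both flags were cleared.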



