cancel
Showing results for 
Search instead for 
Did you mean: 

Event ID 4

 
Pete74
Advisor

Event ID 4

I have been getting this error for about a week now. Can anyone help me figure this out?

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 8/21/2007
Time: 10:25:14 AM
User: N/A
Computer: SERVER

Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server MAINTENCE3310$. The target name used was cifs/MELISSAXP.companyname.local. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (COMPANYNAME.LOCAL), and the client realm. Please contact your system administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
1 REPLY
Lmm_1
Honored Contributor

Re: Event ID 4

Check this out:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx


KRB_AP_ERR_MODIFIED: Message stream modified
Associated internal Windows error codes
â ¢ SEC_E_WRONG_PRINCIPAL

â ¢ STATUS_WRONG_PASSWORD


Corresponding debug output messages
â ¢ DebugLog(â Failed to verify message: %x\nâ ,Status)

â ¢ DebugLog(â â Failed to encrypt message: %x\nâ ,Status)

â ¢ DebugLog(â Failed to encrypt message (crypto mismatch?): %x\nâ )

â ¢ DebugLog(â Checksum on TGS request body did not match\nâ )

â ¢ D_DebugLog(â Failed to create S4U checksum\nâ )

â ¢ DebugLog(â S4U PA checksum doesnâ t match!\nâ )

â ¢ DebugLog(â Pac was modified - server checksum doesnâ t match\nâ )

â ¢ D_DebugLog(DEB_TRACE,â Could not decrypt the ticket\nâ )


Possible Causes and Resolutions
Some encrypted Kerberos authentication data sent by the client did not decrypt properly at the server because:

â ¢ A service ticket is issued to the local computer account, for which a host/ SPN is automatically created, instead of to the service account, for which no SPN has been created. The reason for this is that a service does not register an SPN for itself, yet the service belongs to a service class for which the computer will automatically map the SPN to a host/service class. (Examples of this are the HTTP and Common Internet File System (CIFS) service classes.) The result is that the service cannot decrypt the resultant ticket.

Resolution

If the root cause appears to be that an SPN has not been set, verify that each service running on the target computer has an SPN set. Those services that do not have SPNs set might have had their SPNs remapped to the computerâ s host SPN. For more information about SPNs and how to set them, see Need an SPN Set earlier in this white paper.

â ¢ The authentication data was encrypted with the wrong key for the intended server.

â ¢ The authentication data was modified in transit by a hardware or software error, or by an attacker.

â ¢ The client sent the authentication data to the wrong server because incorrect DNS data caused the client to send the request to the wrong server.

Resolution


Verify that DNS is functioning properly.

â ¢ The client sent the authentication data to the wrong server because DNS data was out-of-date on the client.

Resolution

Verify that DNS is functioning properly.

â ¢ Two computers in different domains have the same name and the client sent the authentication data to the wrong computer.

Resolution

Verify that there are not multiple computers with the same name, including NetBIOS names, anywhere on the network