SQL Server - Kerberos and KRB_AP_ERR_MODIFIED

09 March,2012 by Jack Vamvas

On a routine scan of Event Viewer System, Logs I found this message on 4 different servers  hosting SQL Server installations

 

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server MYCOMPUTER$.  This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm (MY.DOMAIN.NET), and the client realm.   Please contact your system administrator.

 

Why was this occurring?

 

1)      A client was using a DNS CNAME to point traffic to serverB after decommissioning serverA . Removing the CNAME would have resolved the issue

2)      An entry in the /etc/hosts file . After renaming a server and setting up a new one with the same name the host-entry was not updated and so the new server pointed to the IP address of the old one

 

 

See Also

Event ID 40960 Cannot generate SSPI context

Server sudden shutdown unavailable


Author: Jack Vamvas (http://www.sqlserver-dba.com)


Share:

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment on SQL Server - Kerberos and KRB_AP_ERR_MODIFIED


sqlserver-dba.com | SQL Server Performance Tuning | SQL Server DBA:Everything | FAQ | Contact|Copyright & Disclaimer