The kerberos client received a KRB_AP_ERR_MODIFIED error from the server %1. The target name used was %3. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (%2), and the client realm. Please contact your system administrator.

Details
Product: Windows Operating System
Event ID: 4
Source: Kerberos
Version: 5.2
Symbolic Name: KERBEVT_KRB_AP_ERR_MODIFIED
Message: The kerberos client received a KRB_AP_ERR_MODIFIED error from the
server %1. The target name used was %3. This
indicates that the password used to encrypt the kerberos service ticket
is different than that on the target server. Commonly, this is due to identically named
machine accounts in the target realm (%2), and the client realm.
Please contact your system administrator.
   
Explanation

Kerberos cannot authenticate the Web program user because the server cannot verify the Kerberos authentication request sent by the client. This usually happens when there is an account in the target domain with the same name as the server in the client’s domain. If so, the ticket is issued for the server in the client’s domain and it cannot be decrypted by the recipient server in the target domain.

   
User Action

Search the client domain for accounts with the same name as the target server, and then either rename the duplicate account or remove it.

Related:

Leave a Reply