|Product:||Windows Operating System|
|Message:||The kerberos subsystem encountered a PAC verification failure.
This indicates that the PAC from the client %1 in realm %2 had a PAC which failed to
verify or was modified. Contact your system administrator.
Verify that the secure channel is up by running nltest.exe from the command prompt on the domain controller. If the secure channel is down, restore the domain containing the service account.
Nltest.exe is available on the Microsoft Windows Server Resource Kit CD.
Kerberos cannot authenticate the Web program user because the server cannot verify the privilege attribute certificate (PAC) of the client. This occurs when the domain containing the service account is down and the secure channel between the computer that the service is running on and the domain containing the service account is down.