Question
Thread display: Collapse - |
All Answers
Start or search
Create a new discussion
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
The kerberos client received a KRB_AP_ERR_MODIFIED
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/node-01.domain.local. The target name used was cluster-01. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server.
So I started digging around and trying to find out what was happening - but nothing is broken. If I stop the cluster using kerberos, then the errors disappear, but obviously delegation doesn?t work. The issue is easy to replicate, just open up a drive share using the virtual server name and the error appears in the event log (access is still granted however) If you open up the same share using the active nodes network name then the error doesn?t appear.
Now I can guess at what is happening, but I have no idea why - and on all 3 clusters across different forests. I?ve checked all the DNS / WINS / SPN settings and cant find a thing wrong....
anyone have any ideas?
cheers