Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, May 3, 2017 5:26 PM
I am preparing to retire my SBS 2008 main server and make my Server 2012 R2 server the only server. I have already made it a secondary domain controller. I successfully transferred the Companyweb web site. I ran DCDIAG and all was good. I made a mistake long ago when I first named the 2012 server, and decided to see if this could be corrected. I found a document on how to do this (can't link, apparently I'm unverified) and followed it. I found that IIS7 was still listing the old name at the top of the tree and changed it. I ran DCDIAG and got three errors. Two of them seemed related to the IIS7 naming issue. The third I can't figure out at all.
An error event occurred. EventID: 0x40000004
Time Generated: 05/03/2017 11:13:24
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server <logged in user name>. The target name used was HTTP/<SBS server name>.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (<Local domain>.LOCAL) is different from the client domain (<Same local domain>LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
I have several expired self-issued certificates on my SBS server. I found Troubleshooting Autoebrollment (again can't link) but none of the registry keys or GPOs (in RSOP) mentioned there exist. I bet it's been caused by my renaming. Any ideas?
All replies (2)
Thursday, May 4, 2017 7:39 AM
Hi,
》》An error event occurred. EventID: 0x40000004
Time Generated: 05/03/2017 11:13:24
Event String:
According your error message,you could follow this blog:
Fixing the Security-Kerberos / 4 error
https://blogs.technet.microsoft.com/dcaro/2013/07/04/fixing-the-security-kerberos-4-error/
Best Regards
Cartman
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Friday, May 12, 2017 7:49 AM
Hi,
I am checking to see if the problem has been resolved. If there's anything you'd like to know, please feel free to ask.
Best Regards
Cartman
Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact [email protected]