RE: [ActiveDir] Strange DC behaviour and error

Wed, 15 Nov 2006 11:17:39 -0800

Compare the IP registered for phmaindc1 in DNS to the actual IP address of this machine. Do you see any discrepancy?
 
Is this your only DC? If not, then I'd demote it, clean it completely out of AD (ADUC, AD Site and services, DNS), and then re-promote it.

Sincerely,
   _____                               
  (, /  |  /)               /)     /)  
    /---| (/_  ______   ___// _   //  _
 ) /    |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/                             /)     
                               (/      
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
-5.75, -3.23
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon

From: hboogz
Sent: Wed 11/15/2006 9:43 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Strange DC behaviour and error

Hey Guys,
 
I receive this error on my DC and my newly created Citrix Server.
 

Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date:  11/15/2006
Time:  12:30:17 PM
User:  N/A
Computer: PHMAINDC1
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/phmaindc1.phippsny.org.  The target name used was DNS/phmaindc1.phippsny.org. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named  machine accounts in the target realm ( PHIPPSNY.ORG), and the client realm.   Please contact your system administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

The citrix server can't connect to the termincal server licensing component on here and everytime a user logs in, they receive an access denied indicated that they could retrieve their TS profile information.
 
everytime i try to run dsa.msc on the citrix box, i get an error.
 
I'm running windows 2003 standard R2 on AD and standard w/ SP1 on the citrix box.
 
I also get this error/message when i run dcdiag on the dc
 
 
         The account PHMAINDC1 is not a DC account.  It cannot replicate.
         Warning:  Attribute userAccountControl of PHMAINDC1 is: 0x1000 = ( UF_W
ORKSTATION_TRUST_ACCOUNT )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TR
USTED_FOR_DELEGATION )
         This may be affecting replication?
 
any ideas ? i'm stuck with all my citrix users being denied logon!
 
 
 
 


--
HBooGz:\>

Reply via email to