Sorry I put wrong server details of netstat -s. Plz find now the correct one.
C:\>netstat -s IPv4 Statistics Packets Received = 207484084 Received Header Errors = 0 Received Address Errors = 4204 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 207479903 Output Requests = 203812438 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 0 Reassembly Required = 4 Reassembly Successful = 2 Reassembly Failures = 0 Datagrams Successfully Fragmented = 2 Datagrams Failing Fragmentation = 0 Fragments Created = 4 ICMPv4 Statistics Received Sent Messages 123384 67298 Errors 0 0 Destination Unreachable 53043 285 Time Exceeded 5870 0 Parameter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echos 47557 19456 Echo Replies 16914 47557 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 TCP Statistics for IPv4 Active Opens = 182529 Passive Opens = 246806 Failed Connection Attempts = 120080 Reset Connections = 17762 Current Connections = 805 Segments Received = 206256325 Segments Sent = 199667155 Segments Retransmitted = 1662797 UDP Statistics for IPv4 Datagrams Received = 1090012 No Ports = 97063 Receive Errors = 17 Datagrams Sent = 2400610 ________________________________ From: raj esh L <rrcrajesh2...@yahoo.com> To: Christopher D. Clausen <cclau...@acm.org> Cc: kerberos@mit.edu Sent: Wed, 20 January, 2010 15:49:56 Subject: Windows event id 4 (kerberos) No samba and non-windows. All are windows servers. U:\>setspn -l SLH-001155 Registered ServicePrincipalNames for CN=SLH-001155,OU=Laptops,OU=SLH,OU=GBR,OU=E UR,DC=dir,DC=ucb-group,DC=com: HOST/SLH-001155 HOST/SLH-001155.dir.ucb-group.com U:\>setspn -l BRAPRINT001 Registered ServicePrincipalNames for CN=BRAPRINT001,OU=Servers,OU=Global,OU=BEL, OU=EUR,DC=dir,DC=ucb-group,DC=com: HOST/BRAPRINT001 HOST/BRAPRINT001.dir.ucb-group.com U:\>setspn -l ATL017784 Registered ServicePrincipalNames for CN=ATL017784,OU=Laptops,OU=ATL,OU=USA,OU=AM E,DC=dir,DC=ucb-group,DC=com: HOST/ATL017784 HOST/ATL017784.dir.ucb-group.com U:\>netstat -s IPv4 Statistics Packets Received = 38101798 Received Header Errors = 0 Received Address Errors = 42563 Datagrams Forwarded = 0 Unknown Protocols Received = 0 Received Packets Discarded = 0 Received Packets Delivered = 38059228 Output Requests = 31080179 Routing Discards = 0 Discarded Output Packets = 0 Output Packet No Route = 0 Reassembly Required = 85 Reassembly Successful = 37 Reassembly Failures = 0 Datagrams Successfully Fragmented = 9 Datagrams Failing Fragmentation = 0 Fragments Created = 18 ICMPv4 Statistics Received Sent Messages 227967 227817 Errors 0 13 Destination Unreachable 723 717 Time Exceeded 34 0 Parameter Problems 0 0 Source Quenches 0 0 Redirects 0 0 Echos 212083 15017 Echo Replies 15127 212070 Timestamps 0 0 Timestamp Replies 0 0 Address Masks 0 0 Address Mask Replies 0 0 TCP Statistics for IPv4 Active Opens = 143960 Passive Opens = 9560 Failed Connection Attempts = 4275 Reset Connections = 6759 Current Connections = 156 Segments Received = 36346619 Segments Sent = 29722129 Segments Retransmitted = 24512 UDP Statistics for IPv4 Datagrams Received = 1347067 No Ports = 268826 Receive Errors = 22753 Datagrams Sent = 1105790 Please let me know if any other information is required. ________________________________ From: raj esh L <rrcrajesh2...@yahoo.com> To: Christopher D. Clausen <cclau...@acm.org> Cc: kerberos@mit.edu Sent: Wed, 20 January, 2010 3:47:11 Subject: Re: Windows event id 4 (kerberos) Than Q very much for your information and would appreciate. But I verified SPNs and computer names - No duplication found. These computers not updated recently and exist from long time. Thanks once again about networking help .I would check and give you update. i will give the setspn details also. I spent days together to search the fix but did not find a correct solution. your help would be highly appreciable. we get the message on every day. But we see the same event id, same description with different names 'SLH-001155' with different cifs\ First of all, I do not understand clearly about the description. if you would explain what is going here with examples of server names based on description that would be great. ________________________________ From: Christopher D. Clausen <cclau...@acm.org> To: raj esh L <rrcrajesh2...@yahoo.com> Cc: kerberos@mit.edu Sent: Wed, 20 January, 2010 3:01:30 Subject: Re: Windows event id 4 (kerberos) Is this for an actual Windows computer? Or a non-Windows machine running something like Samba? ----- I see these all the time. I believe these occur on occation when a computer account automatically updates its machine account password in Active Directory. (This is a normal function of a computer joined to AD.) I'd suggest un-joining and re-joining the computer to the domain if this is a persistent problem on this system. If the issue persists you likely have a network connection problem. Check netstat -s output and look for high error counts and check duplex settings on all ends of the connection. ----- Another thing to check is for identially named accounts (as mentioned,) including SPNs that were set with setspn.exe or ktpass.exe. These are hard to track down and may require specific LDAP queries to locate. ----- Please send output of setspn -l SLH-001155 <<CDC raj esh L <rrcrajesh2...@yahoo.com> wrote: > We have observed Kerberos event id4 on one member server (Print > server )BRAPRINT001 (10.1.37.167). Please find the description below > about the event id. Can some one please help me on it ? > > Event Type: Error > Event Source: Kerberos > Event Category: None > Event ID: 4 > Date: 1/13/2010 > Time: 6:16:35 PM > User: N/A > Computer: BRAPRINT001 > Description: > The kerberos client received a KRB_AP_ERR_MODIFIED error from the > server SLH-001155$. The target name used was > cifs/ATL017784.dir.ucb-group.com. This indicates that the password > used to encrypt the kerberos service ticket is different than that on > the target server. Commonly, this is due to identically named > machine accounts in the target realm (DIR.UCB-GROUP.COM), and the > client realm. Please contact your system administrator. > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > > ATL017784.dir.ucb-group.com [10.70.11.107] > > We captured network for it. Can you please help here what is going on? > > > captured file is available at http://www.megaupload.com/?d=WDIG1CAT > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos