Event Id | 4 |
Source | Kerberos |
Description | The kerberos client received a KRB_AP_ERR_MODIFIED error from the server <computer name>$. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (<domain name>), and the client realm. Please contact your system administrator. |
Event Information | According to Microsoft: EXPLANATION: Kerberos cannot authenticate the Web program user because the server cannot verify the Kerberos authentication request sent by the client. This usually happens when there is an account in the target domain with the same name as the server in the client's domain. If so, the ticket is issued for the server in the client's domain and it cannot be decrypted by the recipient server in the target domain. USER ACTION: Search the client domain for accounts with the same name as the target server, and then either rename the duplicate account or remove it. Upgrade to the latest SP. There were some Kerberos caching issues fixed in WinXP SP1. The log might indicate an account name collision in your domain. Look for multiple accounts in the domain with the name SRV1. Possibly even a user account. |
Reference Links | Windows Operating System (Kerberos); New Resolution for Problems That Occur When Users Belong to Many Groups; Troubleshooting Kerberos Errors |
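
The account search described under USER ACTION can be scripted. The following is an added example, not part of the original entry or of Microsoft's guidance; it assumes the RSAT ActiveDirectory module, that the client and target domains are in the same forest, and uses SRV1 (the sample name from the text) as the server name.

```powershell
# Added example: look for accounts whose name collides with the server
# reported in Kerberos Event ID 4. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Name from the event's "<computer name>$" field, without the trailing $.
# 'SRV1' is the sample name used in the text above.
$ServerName = 'SRV1'

# The collision can sit in the client domain or the target domain,
# so query every domain in the forest (assumption: one forest).
$found = foreach ($domain in (Get-ADForest).Domains) {
    # Computer accounts are stored as SRV1$, user accounts as SRV1.
    # Matching cn as well catches objects whose logon name differs.
    $filter = "(|(sAMAccountName=$ServerName)" +
              "(sAMAccountName=$ServerName`$)" +
              "(cn=$ServerName))"

    Get-ADObject -Server $domain -LDAPFilter $filter `
                 -Properties sAMAccountName, whenCreated |
        Select-Object @{ Name = 'Domain'; Expression = { $domain } },
                      sAMAccountName, ObjectClass,
                      DistinguishedName, whenCreated
}

$found | Sort-Object Domain, sAMAccountName | Format-Table -AutoSize

# More than one hit means a name collision: one object is the real server,
# the others are candidates to rename or remove.
if (@($found).Count -gt 1) {
    Write-Warning "$(@($found).Count) objects share the name '$ServerName'."
}
```

The whenCreated and ObjectClass columns help tell the genuine machine account from a stale or user account before anything is renamed or removed.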