[Kerb] Getting error KRB_AP_ERR_MODIFIED from server


On my server (with Kerberos client), I keep getting a "KRB_AP_ERR_MODIFIED" error from the server host/Server.Server.cr.

What could be the problem on my Kerberos server? Please advise.

Best Answer by tibor.tokie
Answered By 25 points N/A #96346


Dear Noellepineda,

The error message you got indicates that the password that was used to encrypt the Kerberos service ticket is not the same on the target server. This might be due to identically named machine accounts in both the target and client realms. Maybe the user doesn't have a local NTFS access permission or the application pool has poor permission settings. To resolve this issue, verify that the server has been set up with correct NTFS settings. Verify that each cluster node has been set up too with correct DNS settings. Verify that nodes have been set up with the correct "Application pool" settings. Lastly, verify that the browser has been set up with the correct security settings.

Hope this may help you.

Best of luck

Answered By 590495 points N/A #96348


This is usually experienced when a user was prompted for a username and password when accessing an NLB virtual IP/NLB Virtual Name and then a very long error message will appear with “KRB_AP_ERR_MODIFIED” included in the message. One of the possible reasons is a mismatch or a disparity in the DNS name resolution.

This is very common in an NLB environment that uses multiple IPs or multiple network adapters. Another reason is if the user doesn’t have a local NTFS access privilege or permission. It is also possible that the website is using an Application Pool that has poor permission settings. To correct this issue, verify that the IIS or the Internet Information Services has been configured with the right NTFS settings.

You can do this with an Integrated Windows Authentication [IIS 6.0]. Verify each cluster node if it has been set up with the correct DNS settings. You should also validate that the node has been configured with the right Application Pool settings. And finally, confirm that your Microsoft Internet Explorer has been configured properly with the correct security settings.

For instructions on how to configure the Application Pool, visit Configuring Application Pool Identity with IIS.
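Both answers name DNS settings on the cluster nodes as a likely cause. The following is an added example, not part of either answer, of one way to check for that disparity: it resolves each name forward and reverse and reports names whose address belongs to a different host. The host names, addresses and function names are constructed for illustration.

```python
import socket

def forward_lookup(name):
    """Live lookup: IPv4 addresses the name resolves to (empty set on failure)."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def reverse_lookup(ip):
    """Live lookup: PTR name for the address, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def check_dns(names, forward=forward_lookup, reverse=reverse_lookup):
    """Return (subject, problem) findings for the virtual name and node names."""
    findings, owners = [], {}          # owners: ip -> names resolving to it
    for name in names:
        ips = forward(name)
        if not ips:
            findings.append((name, "no A record"))
            continue
        for ip in sorted(ips):
            owners.setdefault(ip, set()).add(name.lower())
            ptr = reverse(ip)
            if ptr is None:
                findings.append((name, f"{ip} has no PTR record"))
            elif ptr.rstrip(".").lower() != name.lower():
                # The address answers as another host, so a ticket requested
                # for `name` may reach a service holding a different key.
                findings.append((name, f"{ip} reverse-resolves to {ptr}"))
    for ip, who in sorted(owners.items()):
        if len(who) > 1:
            findings.append((ip, "shared by " + ", ".join(sorted(who))))
    return findings

# Constructed sample data: node2 has a stale A record pointing at node1.
SAMPLE_A = {"web.example.test": {"192.0.2.10"},
            "node1.example.test": {"192.0.2.11"},
            "node2.example.test": {"192.0.2.11"}}
SAMPLE_PTR = {"192.0.2.10": "web.example.test", "192.0.2.11": "node1.example.test"}

def demo():
    """Run the check against the constructed tables instead of live DNS."""
    return check_dns(list(SAMPLE_A), lambda n: SAMPLE_A.get(n, set()), SAMPLE_PTR.get)

if __name__ == "__main__":
    for subject, problem in demo():
        print(f"{subject}: {problem}")
```

Calling `check_dns` with only a list of names uses live DNS from the machine it runs on, so run it on each client and node whose view of DNS you want to compare.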
