
Apr 19, 2007

Kerberos Event ID 4 - draft

Event Type: Error

Event Source: Kerberos

Event Category: None

Event ID: 4

Date: 4/18/2007

Time: 2:01:16 AM

User: N/A

Computer: computer1

Description:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/njmail01.corpdomain.com. The target name used was COMPUTER2. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (CORPDOMAIN.COM), and the client realm. Please contact your system administrator.



Theory that needs more study to verify:



A client requested a service/resource from COMPUTER2 and got a ticket that had been encrypted with COMPUTER2's key. But somehow it sent the ticket to COMPUTER1, which couldn't decrypt the ticket because it didn't have the correct key.



Possible causes: 1. A DNS or other name-resolution error causes the client to send the ticket to the wrong machine. Check whether there are any wrong or duplicate A/PTR records for COMPUTER1 and COMPUTER2.



2. COMPUTER2 didn't have one of its SPNs registered. When a request for that service arrives with the corresponding ticket, the ticket ends up at the local computer account, which only has the automatically created host/ SPN (or cifs/ SPN). In this case the host/ SPN isn't the service that was expected, so the error is generated.



Example: COMPUTER2 is a SQL server; it should have had a sql/ SPN registered for its service account, but it didn't. When a client asks for the SQL service on COMPUTER2, ideally the ticket should go to the SQL service, but since there is no sql/ SPN record in AD, the ticket goes to the local machine account (COMPUTER2) instead. The local computer tries to use its automatically generated cifs/ SPN (host/ SPN) key to decrypt the ticket and fails.

Microsoft Link

(search on keyword KRB_AP_ERR_MODIFIED)
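The two causes above can be checked from a domain-joined admin workstation without touching the servers. The script below is an added example, not code from the original post: it assumes the Resolve-DnsName cmdlet (DnsClient module, Windows 8/Server 2012 and later) and setspn.exe are available, and the host names and SPN are placeholders. The SQL Server SPN class is actually MSSQLSvc, which is what the post's informal "sql/SPN" refers to.

```powershell
# Added example (not from the original post). Assumes Resolve-DnsName and setspn.exe are
# available on a domain-joined host; computer1/computer2/corpdomain.com are placeholders.

function Test-HostNameConsistency {
    # Cause 1: for each name, resolve its A records and check that the PTR record of each
    # address points back to that name. A PTR naming a different host, or two names sharing
    # one address, is the stale/duplicate record that sends the ticket to the wrong machine.
    param([Parameter(Mandatory)][string[]]$HostName)
    $seen = @{}   # address -> first name that resolved to it
    foreach ($name in $HostName) {
        $aRecords = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' }
        if (-not $aRecords) {
            [pscustomobject]@{ Host = $name; Address = $null; Ptr = $null; Problem = 'no A record' }
            continue
        }
        foreach ($a in $aRecords) {
            $ptr = Resolve-DnsName -Name $a.IPAddress -Type PTR -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'PTR' } | Select-Object -First 1
            $problem = $null
            if (-not $ptr) { $problem = 'no PTR record' }
            elseif ($ptr.NameHost -notlike "$name*") { $problem = "PTR points to $($ptr.NameHost)" }
            if ($seen.ContainsKey($a.IPAddress)) { $problem = "address also resolves $($seen[$a.IPAddress])" }
            $seen[$a.IPAddress] = $name
            [pscustomobject]@{ Host = $name; Address = $a.IPAddress; Ptr = $ptr.NameHost; Problem = $problem }
        }
    }
}

function Get-RegisteredSpn {
    # Cause 2: list the SPNs actually registered on an account.
    # "setspn -L" prints a header line followed by one indented SPN per line.
    param([Parameter(Mandatory)][string]$AccountName)
    & setspn.exe -L $AccountName 2>&1 |
        Where-Object { $_ -match '^\s+[^/\s]+/' } |
        ForEach-Object { "$_".Trim() }
}

function Test-SpnRegistered {
    # "setspn -Q" searches the forest for an exact SPN and prints "No such SPN found." when absent.
    param([Parameter(Mandatory)][string]$Spn)
    $out = & setspn.exe -Q $Spn 2>&1
    -not ($out | Select-String -SimpleMatch 'No such SPN found' -Quiet)
}

# Usage with placeholder names; an empty Problem column and a $true result are what you want to see.
Test-HostNameConsistency -HostName 'computer1', 'computer2' | Format-Table -AutoSize
Get-RegisteredSpn -AccountName 'COMPUTER2'
Test-SpnRegistered -Spn 'MSSQLSvc/computer2.corpdomain.com:1433'
```

If Test-SpnRegistered returns $false for the service the client is asking for, the ticket was issued for the computer account's host/ key, which is exactly the situation in cause 2; `setspn -X` additionally reports SPNs that are registered on more than one account, the "identically named machine accounts" case mentioned in the event text.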

Apr 11, 2007

How to set up WebDav folder

SERVER SIDE

================



WebDav has to be a separate site with no host header.

1. Open the properties, go to "Web Site"\Advanced\, make sure "Host header value" is empty

2. Go to "HTTP Headers", remove all "Custom HTTP Headers"

3. The root folder will be shared as \.



To add other folders to be shared:

1. Windows Explorer

2. Open the properties of the folder, Web Sharing

3. In "Share on" dropdown list, select the website we created

4. Select "Select this folder", give it an alias





CLIENT SIDE

====================

1. Go to "My network places"

2. Add an alias

Apr 10, 2007

Scheduled Task won't run

When this happens I am sure you will be told to check your permissions here and there, but you are sure you have all the needed permissions set perfectly. So you turn to a Google search, and still everybody talks about nothing but permissions.

And -

Here is another important thing to check: to run as a scheduled task, the credential used must have the "Log on as batch job" privilege. This is added for you automatically when you create the job, sweet. However, if it is removed later for whatever reason, or overridden by Group Policy, that is when the issue starts.
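To see whether an account still holds that right after Group Policy has been applied, export the effective user-rights assignment and look for the account's SID. This is an added example and not part of the original post; it assumes it runs elevated on the machine that hosts the task, and the account name is a placeholder.

```powershell
# Added example (not from the original post). Must run elevated; secedit.exe is built into Windows.
# Exports the effective user-rights assignment (local policy plus applied GPO) and checks the
# "Log on as a batch job" right, which is stored under the name SeBatchLogonRight.

function Get-BatchLogonRightHolders {
    $cfg = Join-Path $env:TEMP 'userrights.inf'
    & secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    try {
        # The export is INI-style; the relevant line looks like
        #   SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-32-559
        $line = Get-Content $cfg | Where-Object { $_ -match '^SeBatchLogonRight\s*=' }
        if (-not $line) { return @() }      # nobody holds the right at all
        ($line -split '=', 2)[1].Trim() -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

function Test-BatchLogonRight {
    # Returns $true only when the account's own SID is listed; membership in a listed group
    # (for example Administrators, S-1-5-32-544) also grants the right but is not expanded here.
    param([Parameter(Mandatory)][string]$Account)   # placeholder, e.g. 'CORPDOMAIN\svc_backup'
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).
        Translate([System.Security.Principal.SecurityIdentifier]).Value
    $holders = Get-BatchLogonRightHolders
    [pscustomobject]@{
        Account      = $Account
        Sid          = $sid
        DirectGrant  = ($holders -contains $sid)
        GrantedTo    = $holders -join ','
    }
}

Test-BatchLogonRight -Account 'CORPDOMAIN\svc_backup'
```

When DirectGrant is $false and the account is not in any of the listed groups, the task will fail to start regardless of NTFS permissions; since the export reflects the GPO-applied value, a right that was present at job creation time but is gone here points to the Group Policy override the post describes.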

Mar 24, 2007

Domain Controller Location Process

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbc_nar_azuo.mspx?mfr=true

Jan 31, 2007

Issues when RRAS on the Domain Controller

A lot of small companies see various weird issues while all configurations look good:

http://support.microsoft.com/?id=292822

Jan 23, 2007

What to do when you are blacklisted

Jan 15, 2007

Dssec.dat

ADUC doesn't list all properties in the GUI. To change which properties are listed, modify the file "%systemroot%\system32\dssec.dat".

Jan 9, 2007

Reply to meeting request gets NDR

The manager sends the meeting request, the attendees accept it, and immediately they get an NDR stating "The following recipient(s) could not be reached" with a deleted user account's name in it.

This can happen if the deleted user had been delegated access to the manager's mailbox and the check box "Send meeting requests and responses only to my delegates, not to me" had been checked in the Outlook Delegates tab.

In certain cases you will still see the check box ticked and grayed out even after the delegate has been removed from the Outlook setting. You can add someone else as a delegate, clear the tick, and then remove that delegate again to clear the check box.

SMTP Tar Pitting in Windows 2003 SP1

What is SMTP tar pitting?

Tar pitting is the practice of deliberately inserting a delay into certain SMTP communications that are associated with spam or with other unwanted traffic. To be effective, these kinds of communications typically rely on generating a high volume of traffic. By slowing an SMTP conversation, you can dramatically reduce the rate at which automated spam can be sent or at which a dictionary attack can be conducted. Legitimate traffic may also be slowed by tar pitting.

The tar pit feature is available in Microsoft Windows Server 2003 and in several third-party SMTP servers. The tar pit feature in Windows Server 2003 works by slowing all responses that contain SMTP protocol 5.x.x error codes.

Tar pitting is a feature of Windows 2003, so Exchange 2000 can benefit too.

http://support.microsoft.com/default.aspx?kbid=842851
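Because the Windows 2003 tar pit only delays replies that carry a 5.x.x code, the way to confirm it is active on your own server is to time one deliberately rejected RCPT TO and compare the delay with the configured value. The script below is an added example, not from the original post or the KB article; it assumes the TarpitTime registry value (REG_DWORD, seconds) under the SMTPSVC Parameters key as described in the linked KB, and the server name and recipient address are placeholders.

```powershell
# Added example (not from the original post). Assumes the TarpitTime value documented in the
# linked KB article; server name and recipient are placeholders. Run against your own server only.

function Get-SmtpTarpitTime {
    # Missing value means the tar pit is off; the value is the delay in seconds.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters'
    $v = Get-ItemProperty -Path $key -Name TarpitTime -ErrorAction SilentlyContinue
    if ($null -eq $v) { 0 } else { [int]$v.TarpitTime }
}

function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    # Consume a (possibly multi-line) reply; continuation lines carry '-' after the 3-digit code.
    do { $line = $Reader.ReadLine() } while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
    $line
}

function Measure-SmtpErrorDelay {
    param(
        [string]$Server = 'localhost',
        [string]$BadRecipient = 'no-such-user@corpdomain.com'   # placeholder, must not exist
    )
    $client = New-Object System.Net.Sockets.TcpClient($Server, 25)
    try {
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

        $null = Read-SmtpReply $reader                                   # 220 banner
        $writer.WriteLine('EHLO tarpit-check.local'); $null = Read-SmtpReply $reader
        $writer.WriteLine('MAIL FROM:<>');             $null = Read-SmtpReply $reader

        # Only this reply should be delayed: a 550 for an unknown recipient is a 5.x.x error.
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        $writer.WriteLine("RCPT TO:<$BadRecipient>")
        $reply = Read-SmtpReply $reader
        $sw.Stop()
        $writer.WriteLine('QUIT')

        [pscustomobject]@{
            Reply      = $reply
            Seconds    = [math]::Round($sw.Elapsed.TotalSeconds, 1)
            Configured = Get-SmtpTarpitTime
            Tarpitted  = ($reply -like '5*' -and $sw.Elapsed.TotalSeconds -ge 1)
        }
    } finally {
        $client.Close()
    }
}

Measure-SmtpErrorDelay -Server 'localhost' -BadRecipient 'no-such-user@corpdomain.com'
```

A Reply starting with 250 means the server accepted the unknown recipient at SMTP time and will NDR it later; there is then no 5.x.x reply for the tar pit to slow down, so recipient filtering has to be on for the feature to have any effect. A 550 that comes back in well under the Configured number of seconds means the registry value is present but the SMTP service has not picked it up yet.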