We have two DC's running Windows 2003 R2 32-Bit (at least I think it's 32-bit, doesn't say anything). The second DC (ccdc2) is having all the error messages.
Both of the follow error messages are pulled from CCDC2, the second DC.
Error 1:
Event Type:Error
Event Source:Kerberos
Event Category:None
Event ID:4
Date:2/5/2013
Time:6:47:43 PM
User:N/A
Computer:CCDC2
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/ccdc1.cc.ad. The target name used was cifs/ccdc1. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly,
this is due to identically named machine accounts in the target realm (CC.AD), and the client realm. Please contact your system administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Error 2:
Event Source:Kerberos
Event Category:None
Event ID:4
Date:2/5/2013
Time:6:16:26 PM
User:N/A
Computer:CCDC2
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/ccdc2.cc.ad. The target name used was CC\CCDC2$. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (CC.AD), and the client realm. Please contact your system administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Here are the solutions that I have found, and tried thus far:
http://support.microsoft.com/kb/558115?wa=wsignin1.0
IIS is not installed on either of these two machines. We have a third server, not acting as a DC that has IIS installed on it.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/f8a93cde-f1de-47b6-b85a-781c795825f7/
Tried to reset the local machine password, which seems to resolve the error for about an hour, then it comes back right away.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/32622118-4a07-435b-8412-97efdd179fab/
No duplicate DNS entries.
We have tried to force remove the second DC and that failed because of a unknown error. We are stuck and have no other thoughts or solutions.