I've been finding this event in logs on computers in my domain recently. I've seen it on a variety of servers and workstations, so I think it's probably affecting all domain members. The specific domain controller mentioned in the text of the event varies, it could be any one of our domain controllers. I'm not sure when it started. I've been trying to search for a solution, but so far I'm not finding anything that quite fits.
Log Name: System Source: Microsoft-Windows-Security-Kerberos Date: 12/22/2014 10:21:55 AM Event ID: 4 Task Category: None Level: Error Keywords: Classic User: N/A Computer: HOST.DOMAIN.COM Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server DOMAINCONTROLLER$. The target name used was cifs/DOMAIN.COM. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (DOMAIN.COM) is different from the client domain (DOMAIN.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
How can I track down the cause of this issue?