Export (0) Print
Expand All

Kerberos Client Configuration

Updated: November 30, 2007

Applies To: Windows Server 2008

If the client computers are joined to an Active Directory domain, the Kerberos client is configured to request ticket-granting tickets (TGTs) from the Kerberos Key Distribution Center (KDC) automatically. On successful receipt of the ticket, the Kerberos client caches the ticket on the local computer.


Event ID Source Message



The kerberos client received a KRB_AP_ERR_MODIFIED error from the server %1. The target name used was %3. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named server accounts in the target realm (%2), and the client realm (%4). Please contact your system administrator.



The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server %1. This indicates that the ticket used against that server is not yet valid (in relationship to that server time). Contact your system administrator to make sure the client and server times are in sync, and that the KDC in realm %2 is in sync with the KDC in the client realm.



The kerberos subsystem is having problems fetching tickets from your domain controller using the UDP network protocol. This is typically due to network problems. Please contact your system administrator.

Related Management Information

Kerberos Client

Core Security

Community Additions

© 2016 Microsoft