Server unavailable for certain clients
Posted by Mario on January 25th, 2006


Environment:
Our logical network environment consists of a single AD 2003 domain running
Windows Server 2003 Forest Functional Level and Windows Server 2003 Domain
Functional Level. The physical network environment consists of two Sites;
Site A and Site B. Each site contains one Domain Controller, both of which
are configured as Global Catalog Servers.

Servers: Windows 2003 Server Standard Edition SP1
Language: Dutch Windows version
Domain: domain.com
Clients: Windows XP Pro SP2

Problem:
Certain clients and the DC located at Site B are unable to connect to
resources (Fileshares, Live Communication Server, Sharepoint Portal Server
2003 and other web Content) located on ServerA1 but are able to connect to
resources located on other servers located at Site A and are able to ping
ServerA1.

Some clients in Site B though are able to connect to resources hosted by
ServerA1 while most others are not. All clients located at Site A are able to
connect to ServerA1.

As a workaround we rebooted ServerA1. All clients located at all sites were
immediately able to connect to ServerA1. Unfortunately the problem keeps
re-occurring 7 days after reboot.

I think this problem is caused by a Kerberos issue, but I’m not absolutely
sure the errors are related to the problem we’re experiencing. When I checked
the eventlogs on the clients the following events had occurred:

--------- System log Client (Site A & B) ---------
Event Type: Failure
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 25-1-2006
Time: 9:06:23
User:
Computer: ClientB1
Description:

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/dcb.domain.com. This indicates that the password used to encrypt the
kerberos service ticket is different than that on the target server.
Commonly, this is due to identically named machine accounts in the target
realm (domain.com), and the client realm. Please contact your system
administrator.

When I checked the eventlogs on DCB the following events had occurred:

--------- Security log Domain Controller DCB ---------
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 25-1-2006
Time: 9:06:27
User: NT AUTHORITY\SYSTEM
Computer: DCB
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 10.1.2.124
Source Port: 0

I have already taken the following troubleshooting steps:

- Configured Windows Time Services to sync with reliable source
- Checked DNS configuration (appears to be configured correctly)
- Completely re-installed server ServerA1 (Problem re-occurred) Note: AD
objects were not removed prior to reinstallation.


Could someone please help us resolve this issue?

Thanks,

--
Mario Delamboy
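
An added example, not part of the original post: a Python script that parses event records pasted in the text form shown above and pairs each client-side KRB_AP_ERR_MODIFIED (Event ID 4) with Kerberos logon failures (Event ID 529) logged on the host named in the failing SPN. The sample input is constructed from the two records in the post; the blank-line record separator, the 30-second window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta
# Constructed sample: the two records from the post, trimmed, blank-line separated.
SAMPLE = """\
Event ID: 4
Date: 25-1-2006
Time: 9:06:23
Computer: ClientB1
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
host/dcb.domain.com. This indicates that the password used to encrypt the

Event ID: 529
Date: 25-1-2006
Time: 9:06:27
Computer: DCB
Logon Process: Kerberos
Source Network Address: 10.1.2.124
"""
SPN_RE = re.compile(r"KRB_AP_ERR_MODIFIED error from the server\s+(\S+?)\.\s")

def parse_records(text):
    """Return one dict of 'Field: value' pairs per blank-line-separated record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {"raw": block}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z ]+):\s*(.*)$", line)
            if m:
                rec[m.group(1).strip()] = m.group(2).strip()
        if "Date" in rec and "Time" in rec:  # skip fragments without a timestamp
            rec["when"] = datetime.strptime(f"{rec['Date']} {rec['Time']}", "%d-%m-%Y %H:%M:%S")
            records.append(rec)
    return records

def correlate(records, window=timedelta(seconds=30)):
    """Pair each Event ID 4 with Kerberos 529 failures on the host named in its SPN."""
    pairs = []
    for c in records:
        m = SPN_RE.search(c["raw"])
        if c.get("Event ID") != "4" or not m:
            continue
        spn = m.group(1)
        target = spn.split("/", 1)[-1].split(".")[0].lower()  # "dcb" from host/dcb.domain.com
        for s in records:
            if (s.get("Event ID") == "529" and s.get("Logon Process") == "Kerberos"
                    and s.get("Computer", "").lower() == target
                    and abs(s["when"] - c["when"]) <= window):
                pairs.append((c["Computer"], spn, s["Computer"], s.get("Source Network Address")))
    return pairs
```

Grouping the resulting pairs by SPN shows which service principals the failures cluster on; the time window assumes the hosts' clocks are in sync.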

