I have Openfire 3.3.3 on a server named Phantom.ad.mcbrideandson.com with about 100 spark clients on version 2.5.7, SSO is implemented and working properly. However, on the OpenFire server I have noticed that my event viewers system log is completely full of event ID’s 3 & 4.
Event ID 3 This is the most
frequent, and is occurring on computers from the mcbridehomes.pvt and on the
ad.mcbrideandson.com domain frequent errors from both domains, but it seems
mcbridehomes.pvt has the most
Mcbirdehomes.pvt: The mcbridehomes.pvt is another
domain with whom we have a trust. These computers do
NOT have spark installed at all, nor any jabber client.
Ad.mcbrideandson.com: ad.mcbrideandson.com is our domain
with the computers using spark, interestingly these computer names do not have
the .ad.mcbrideandson.com appended to them (though maybe the $ is
representative of that?)
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 3
Date: 10/26/2007
Time: 3:20:34 AM
User: N/A
Computer: PHANTOM
Description:
A Kerberos Error Message was
received:
on logon session
Client Time:
Server Time: 8:20:35.0000 10/26/2007
Z
Error Code: 0x7
KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm:
Client Name:
Server Realm: AD.MCBRIDEANDSON.COM
Server Name:
cifs/MBH-RG.mcbridehomes.pvt
Target Name:
cifs/MBH-RG.mcbridehomes.pvt@AD.MCBRIDEANDSON.COM
Error Text:
File: 9
Line: ae0
Error Data is in record data.
For more information, see Help and Support
Center at http://go.microsoft.com/fwlink/events.asp.
Event ID 4: This is another error we are
getting only on computers from the ad.mcbrideandson.com domain. It almost looks
like it might be occurring most on specific computers, as I often see the same
computer names in the logs.
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 10/26/2007
Time: 3:20:32 AM
User: N/A
Computer: PHANTOM
Description:
The Kerberos client received a
KRB_AP_ERR_MODIFIED error from the server MB-77$. The target name used was
cifs/MB-TRAINING2.ad.mcbrideandson.com. This indicates that the password used
to encrypt the Kerberos service ticket is different than that on the target
server. Commonly, this is due to identically named machine accounts in the
target realm (AD.MCBRIDEANDSON.COM), and the client realm. Please contact your
system administrator.
For more information, see Help and Support
Center at