question

hunag-2744 avatar image
0 Votes"
hunag-2744 asked DaisyZhou-MSFT commented

Windows Server2016 Cluster & DC System eventlog Error

Hello,
I have 3 Windows Server2016 hosts and 2 AD hosts (Windows Server2016).
Two error events occurred in the system event of one of the AD hosts and two of Server2016 hosts, and an error event occurred in the cluster as follows:

1. system event id 1006 error code 82 errors keep coming every 5 minutes
System

-Provider

[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}

EventID 1006

Version 0

Level 2

Task 0

Opcode 1

Keywords 0x8000000000000000

-TimeCreated

[ SystemTime] 2021-05-26T15:50:33.2873694Z

EventRecordID 87646

-Correlation

[ ActivityID] {0a4159cb-04b5-458e-84b0-ad8857b81717}

-Execution

[ ProcessID] 1052
[ ThreadID] 5392

Channel System

Computer xxx

-Security

[ UserID] S-1-5-18


-EventData

SupportInfo1 1
SupportInfo2 6135
ProcessingMode 0
ProcessingTimeInMilliseconds 93
ErrorCode 82
ErrorDescription Local Error
DCName

2. system event id 4

he Kerberos client received a KRB_AP_ERR_MODIFIED error from the server xxx$. The target name used was cifs/xxx. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (xxx.LOCAL) is different from the client domain (xxx.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

System
Provider
[ Name] Microsoft-Windows-Security-Kerberos
[ Guid] {98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}
[ EventSourceName] Kerberos

-EventID 4
[ Qualifiers] 16384
Version 0
Level 2
Task 0
Opcode 0
Keywords 0x80000000000000

-TimeCreated
[ SystemTime] 2021-05-26T15:46:16.4155662Z
EventRecordID 87638
Correlation

-Execution
[ ProcessID] 0
[ ThreadID] 0
Channel System
Computer xxx.xxx.local
Security

-EventData
Server xxx$
TargetRealm xxx.LOCAL
Targetname cifs/xxx
ClientRealm xxx.LOCAL

3. Cluster Event

Cluster network name resource detected that the associated computer object in Active Directory was disabled and failed in its attempt to enable it. This may impact functionality that is dependent on Cluster network name authentication.















windows-active-directorywindows-server-clustering
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @hunag-2744,
I just want to confirm the current situations.
Please feel free to let us know if you need further assistance.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·

Hello @hunag-2744,
I just want to confirm the current situations.
Please feel free to let us know if you need further assistance.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·

1 Answer

DaisyZhou-MSFT avatar image
0 Votes"
DaisyZhou-MSFT answered

Hello @hunag-2744,

Thank you for posting here.

Based on the description, do you mean "1. system event id 1006 error code 82 errors keep coming every 5 minutes" is generated on one of DC?

If so, you can try to restart the DC if possible to see if it helpfs.

And after the DC is restarted, you can open CMD(run as Administrator) and run gpupdte /force and click Enter, then check if the command is run successfully.


For the second error "2. system event id 4", you can refer to links below to troubleshoot.

Troubleshooting the Kerberos error KRB_AP_ERR_MODIFIED
https://jespermchristensen.wordpress.com/2008/06/12/troubleshooting-the-kerberos-error-krb_ap_err_modified/

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server
https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/kerberos-client-krb-ap-err-modified-error

Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.


For the third error, please open a new post by selecting cluster tag, then there will be an engineer from cluster team to provide further help to you.

Thank you for your understanding and support.


Hope the information above is helpful.

Should you have any question or concern, please feel free to let us know.


Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.