Question : kerberos client received a KRB_AP_ERR_MODIFIED error

I have been getting this error for a while now. It doesn't seem to effect anyone using this computer but I need it to go away.
I checked dns and I don't see duplicate records for these 2 computers. I may be over looking it though.

AD has only one record for each. Both are workstations. I use remote installation service to install operating systems from an image on the server, I think this may be causing some of it.

Any ideas/suggestions? I really need to get rid of this.

The kerberos client received a KRB_AP_ERR_MODIFIED error from the server AFCOLL11$. The target name used was cifs/AFCSUP02.corporate.amfinco.com. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (CORPORATE.AMFINCO.COM), and the client realm. Please contact your system administrator.

Answer : kerberos client received a KRB_AP_ERR_MODIFIED error

Hi,
To resolve this, we need to know the domain structure. Please let us know how many DCs we have? What is the machine AFCSUP02 and AFCOLL11?

This happens due to the fact that the service ticket (TGS) that the client gets from the DC (for accessing the target server) and it represents to the target server is encrypted with a password (hash) which is not the current password of the target server.
When the target server tries to decrypt the ticket, it can not do so as its password has changed.

Now this can happen due to duplicate named machines, or broken replication between DCs.

Do you get any errors in directory services logs? Or anywhere in event viewer apart from KDC 4 / KDC 11...

Regards,

Arun.