You’re offline. This is a read only version of the page.
95
Hello
We have installed CRM on multiple severs and configured load balancing. All the services - asynchronous, sandbox, unzip service, monitoring service, and the app pool is configured to run on a domain account.
When there is a change in the password of the account, we have an internal process that updates the password on these services and also restarts the services including the app pool.
This has been working fine. Recently we started facing an issue whenever there is any password change for the account. CRM will not be accessible and getting the error below:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server . The target name used was XXXXXXXXXXXXXXXXXXXXX
This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (ZZZZZZZZZZZZZ) is
different from the client domain (ZZZZZZZZZZZZZZZZZZZ), check if there are identically named server accounts in these two domains, or
use the fully-qualified name to identify the server.
Once we reset IIS, everything is back to normal.
Would like to understand what different happens when we reset IIS, that CRM starts working that doesn't happen when we restart the services and the application pool.
Thanks in advance.
*This post is locked for comments
I have the same question (0)
Share
Report
All responses (
Answers (
