Windows Server 2012 core: domain controller computer account reset

I recently had a domain controller where the computer account had expired. All external authentication failed and I got error messages such as: “The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server”.

As this was a domain controller and FSMO role keeper, a domain re-join was not possible.

Solution (from command line):

  • Stop the KDC service: net stop "Kerberos Key Distribution Center"
  • Delete Kerberos tickets: klist purge
  • Reset password: netdom resetpwd /s:[workingdc] /ud:domain\user /pd:*
  • Restart server: shutdown -r
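
The steps above wrapped in a PowerShell function with failure handling, as an added example that is not part of the original post. Reset-DcMachinePassword and its parameters are hypothetical names; the event-log check and the LocalSystem ticket purge are additions to the listed steps.

```powershell
# Added example, not from the original post. Run elevated on the affected DC.
# Reset-DcMachinePassword, $WorkingDc and $AdminAccount are hypothetical names.
function Reset-DcMachinePassword {
    param(
        [Parameter(Mandatory)] [string] $WorkingDc,     # a healthy DC to reset against
        [Parameter(Mandatory)] [string] $AdminAccount   # DOMAIN\user allowed to reset the account
    )

    # Confirm the symptom first: Security-Kerberos event ID 4 is KRB_AP_ERR_MODIFIED.
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Security-Kerberos'; Id = 4 }
    $hits = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction SilentlyContinue)
    if ($hits.Count -eq 0) {
        Write-Warning 'No KRB_AP_ERR_MODIFIED events in the System log; nothing was changed.'
        return $false
    }
    $hits | Select-Object TimeCreated, Message | Format-List | Out-Host

    # Step 1: stop the Kerberos Key Distribution Center (service name: kdc).
    Stop-Service -Name kdc -Force -ErrorAction Stop

    # Step 2: purge cached tickets for this logon session.
    klist purge | Out-Null
    # Addition to the post's steps: also purge the LocalSystem session (logon ID 0x3e7).
    klist -li '0x3e7' purge | Out-Null

    # Step 3: reset the machine account password; /pd:* prompts for the password.
    netdom resetpwd "/s:$WorkingDc" "/ud:$AdminAccount" '/pd:*'
    if ($LASTEXITCODE -ne 0) {
        # Do not reboot a DC whose reset failed; bring the KDC back and stop here.
        Write-Warning "netdom exited with code $LASTEXITCODE; restarting the KDC, no reboot."
        Start-Service -Name kdc
        return $false
    }

    # Step 4: restart the server.
    shutdown -r
    return $true
}
```

After the reboot, running the same Get-WinEvent filter should show no new event ID 4 entries dated after the reset.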
