KRB_AP_ERR_MODIFIED between 2008 R2 DCs and a 2012 DC

for last month have been experiencing problems our ad replication. replication between our 2008 r2 dcs works doesn't last long between 2008 r2 dcs , 2012 dc.

the significant error appears in event viewer kerberos krb_ap_err_modified. have reset account passwords netdom many times after replication doesn't last more couple of days before failing again.

showrepl says --> the target principal name incorrect.

all dcs have configured primary dns , dc secondary dns server.

if kdc service activated in 2012 dc, works fine. after activating kdc service in other 2008 r2 dc, kerberos errors begin in server's event viewer. net view \\windows2012_dc returns "access denied" when 2008 kdc service enabled. stop service , perform klist purge, everything works again. 

none of dcs have been restored. no snapshot has been reverted either.

---

gobl1n

the issue got solved after modifying registry on w2008 servers  and giving priority ipv4 instead of ipv6:

hkey_local_machine\system\currentcontrolset\services\tcpip6\parameters\diabledcomponents --> 0x20

---

gobl1n

Windows Server  >  Directory Services