0

I am trying to figure out why Server 2, which is a domain controller, is getting an error saying "Access Denied" when I try to access Group Policy Management. I have checked and it is giving some kind of Kerberos error. I am unsure how to fix the "Access is denied" error. Active Directory seems to be working. When I do an NLTEST it says that it is seeing itself as the DC it is getting information from.

Here is where it gets weird. After going into some of the errors, I found that I cannot access anything when I try to access Server1, which is my fully qualified domain server, or primary domain controller. When I try to go to file shares on the PDC from the BDC it states I don't have access. When I go the opposite direction things work correctly. Now, when I checked the event logs, it states it has been too long since replication has happened to Server2 from Server1. As far as I can tell Server2 has no access to get to Server1. I am stumped. OH, AND TO MAKE THINGS WORSE, the group policy set on Server2 will not allow registry editing.

As stated before, I think this is a Kerberos thing, but I can't figure out how to reset or even sync the Kerberos passwords with this "Access is denied" problem. And this whole mess started when one of our servers' clock messed up due to a bad CMOS battery. So the Server1 time is set correctly and so is Server2, but I am still getting the issue.

I am getting this error -> "The Kerberos client received a KRB_AP_ERR_MODIFIED error". I have done some research and I don't have any way of getting around that. Can anyone help me or give me some guidance, as I have not mucked around with FQDNs and 2 DCs at the same time? And it makes it more of a pain that I can't edit the registry, or the fact that it is looking to itself as a domain for references. Can anyone help me with my replication issue?

JukEboX
  • 801
  • 3
  • 14
  • 39

1 Answer

0

Kerberos depends on time being in sync. Are you sure the time & date are both correct? I've seen problems where hours & minutes are correct, but people overlook the date part, which is not correct.

From computer1 invoke

w32tm.exe /stripchart /computer:computer2 /samples:1 /dataonly

It will report the clock difference between the two machines.
Sounds as if you have a GPO to disable registry mods? What else is in this GPO? Anything to restrict file sharing? If you have some kind of lockdown GPO, remove it and see if that is causing the problem.
What are the results of "dcdiag" from each server? Edit the original post to show the results.

Clayton
  • 4,483
  • 16
  • 24
  • I have done that and it says it can't connect to the PDC to check the time it says Error 5: Access is denied. – JukEboX Nov 04 '15 at 22:28
  • Can you log in to the server that had the battery die? If not, reboot and check the clock from the BIOS. Do a manual verification of both the time and the date. – Clayton Nov 04 '15 at 22:30
  • Yes. All clocks are now set the same. – JukEboX Nov 04 '15 at 22:31
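
The checks the answer asks for, collected into one script as an added example (this is not code from the original post or from either participant). It runs `w32tm /stripchart` against each peer DC, parses the per-sample offset, and compares it with the Kerberos default maximum clock skew of 5 minutes; it prints the local date as well as the time, because the answer's point is that the date is the part people overlook; it pulls the most recent KRB_AP_ERR_MODIFIED events (System log, provider Microsoft-Windows-Security-Kerberos, event ID 4), whose message names the server account whose credentials the client could not match; and it finishes with `dcdiag /q` so only failures are printed. The peer name `Server1` is taken from the question and is a placeholder to replace; the script must be run from an elevated PowerShell prompt on the DC being examined, and if `w32tm` itself fails (for example with the "Access is denied" reported in the comments) the status column carries the raw error text instead of an offset.

```powershell
# Added example, not from the original post. Run elevated on the DC being checked.
# Assumption: 'Server1' is the other DC (name taken from the question); edit as needed.
$Peers          = @('Server1')
$MaxSkewSeconds = 300   # Kerberos default MaxClockSkew (5 minutes)

function Get-ClockOffset {
    param([string]$Peer)

    # With /dataonly, w32tm prints one line per sample: "HH:mm:ss, +00.0123456s"
    $out = & w32tm.exe /stripchart /computer:$Peer /samples:3 /dataonly 2>&1
    $samples = foreach ($line in $out) {
        if ("$line" -match '^\d{2}:\d{2}:\d{2},\s*([+-]\d+\.\d+)s') { [double]$Matches[1] }
    }

    if (-not $samples) {
        # No sample lines at all: DNS, NTP/RPC reachability, or the access-denied case
        return [pscustomobject]@{ Peer = $Peer; OffsetSeconds = $null; Status = ($out -join ' ').Trim() }
    }

    $avg    = ($samples | Measure-Object -Average).Average
    $status = 'ok'
    if ([math]::Abs($avg) -gt $MaxSkewSeconds) { $status = 'SKEW EXCEEDS KERBEROS LIMIT' }

    [pscustomobject]@{
        Peer          = $Peer
        OffsetSeconds = [math]::Round($avg, 3)
        Status        = $status
    }
}

Write-Host "Local clock (check the date, not only the time): $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzz')"

Write-Host "`nClock offset to peer DC(s):"
$Peers | ForEach-Object { Get-ClockOffset -Peer $_ } | Format-Table -AutoSize

Write-Host "`nRecent KRB_AP_ERR_MODIFIED events (System log, Kerberos provider, ID 4):"
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Security-Kerberos'; Id = 4 } `
             -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List

Write-Host "`ndcdiag (quiet mode, failures only):"
dcdiag /q
```

Read the three outputs together: an offset larger than 300 seconds, or a date that differs between the two DCs, explains the Kerberos failures on its own and must be fixed first; a small offset with event ID 4 still firing points at the server account named in that event rather than at the clock; and `dcdiag /q` printing nothing means the replication tests passed from the side it was run on, so run it on both DCs as the answer asks.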