After the recent Nov Windows updates we have a number of entries in the Event log (system) stating: While procesing an AS request for target service krbtg, the account did not have a suitable key for generating a Kerberos ticket (the missing key has an id of 1). The requested etypes 18 17 23 24 -135 3. The accounts available etypes: 23 18 17. Changing the password will generate a proper key
This only seems to be affected some machines and not all. On these machines they are being prompted to enter credentials and also receive a kdc error if they try and change thier password
Our Domian hasnt been changed and has been running error free for a long time. Replication appears to be working between the to DC's
Changing the password on the Dc dosnt seem to stop the error.