Windows Server 2008 Kerberos Debug Logging
I have followed this document http://www.microsoft.com/downloads/details.aspx?FamilyID=7DFEB015-6043-47DB-8238-DC7AF89C93F1&displaylang=en and modified the registry settings to enable Kerberos logging and debug logging. I get a "Message Stream Modified" error when I run my client program. But I do not see the lsass.log file in the windows\system folder, and I also do not see any logs in the Event Viewer (system logs). Am I missing something? How can I find out why I am getting the "Message stream modified" error from the server? Thanks.
January 21st, 2010 12:49am
Hi, the message indicates that the server was unable to decrypt the ticket sent by a client, meaning that the server does not know the secret key used to encrypt the ticket, or the client got the ticket from a KDC that did not know the server's key. Do you get a Kerberos 4 event? You can refer to the following article to troubleshoot the issue:
Event ID 4 — Kerberos Client Configuration: http://technet.microsoft.com/en-us/library/cc733987(WS.10).aspx
This posting is provided "AS IS" with no warranties, and confers no rights.
January 25th, 2010 10:55am
I fixed KRB_AP_ERR_MODIFIED errors which only appeared when doing WMI/DCOM connections to W2K8 machines by changing DefaultEncryptionType from 23 to 24 on the target machines. Somehow the value was set to a non-default for W2K8. WMI with W2K3 machines was ok.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Kerberos\Parameters
DefaultEncryptionType = 24
March 28th, 2011 7:56pm


