The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server LF_SVCS. The target name used was HTTP/Laserfiche.US.GGS.Inc. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (US.GGS.INC) is different from the client domain (US.GGS.INC), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.	


Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          8/18/2020 3:29:45 PM
Event ID:      5152
Task Category: Filtering Platform Packet Drop
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      GGSCorp-6118.US.GGS.Inc
Description:
The Windows Filtering Platform has blocked a packet.

Application Information:
	Process ID:		0
	Application Name:	-

Network Information:
	Direction:		Inbound
	Source Address:		172.18.1.16
	Source Port:		53
	Destination Address:	172.18.14.27
	Destination Port:		63901
	Protocol:		17

Filter Information:
	Filter Run-Time ID:	91824
	Layer Name:		Transport
	Layer Run-Time ID:	13
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5152</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12809</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-18T19:29:45.234639200Z" />
    <EventRecordID>141174953</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="16172" />
    <Channel>Security</Channel>
    <Computer>GGSCorp-6118.US.GGS.Inc</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ProcessId">0</Data>
    <Data Name="Application">-</Data>
    <Data Name="Direction">%%14592</Data>
    <Data Name="SourceAddress">172.18.1.16</Data>
    <Data Name="SourcePort">53</Data>
    <Data Name="DestAddress">172.18.14.27</Data>
    <Data Name="DestPort">63901</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">91824</Data>
    <Data Name="LayerName">%%14597</Data>
    <Data Name="LayerRTID">13</Data>
  </EventData>
</Event>

From LF server

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.