Re: krbtgt failure logs

From: Gary K (dabigfinndog_at_icqmail.com)
Date: 05/02/03

Next message: sgopus: "My Security and Hacking Book"

Previous message: george: "E-Mails"
In reply to: chhiperic: "krbtgt failure logs"
Next in thread: Eric Fitzgerald [MSFT]: "Re: krbtgt failure logs"
Reply: Eric Fitzgerald [MSFT]: "Re: krbtgt failure logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 1 May 2003 20:17:46 -0700

krbtgt is the account that Kerberos uses in granting tickets for
establishing trust between computers such as when you attempt to use a
shared folder on another computer, log onto the domain, etc.... It looks
like you have some type of authentication errors. I don't know exactly
where to point you, but I would start by running netdiag at a cmd prompt and
see if you have any "fatal" errors. I have had a few errors very similar to
this and they can usually be traced back to dns, secure channel, or too
large a time difference between the offending computer and the DC. Netdiag
has done a good job of diagnosing these for me in most instances.

If you see a "fatal" error some of them can be fixed by using netdiag with
the /fix switch.. Other more serious secure channel errors can be corrected
with nltest.

HTH. :-)
"chhiperic" <ekahklen-chhip@qwest.net> wrote in message
news:002801c31007$9caaa370$a501280a@phx.gbl...
> I continue to have the following log entry and all the
> research I've done suggests there is nothing that can be
> done to fix it. If this is infact the case then so be it,
> but it fills my security log constantly and I am afraid
> I'll miss a real security issue. Can anyone shead some
> light on the subject??? PLEASE??
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 675
> Date: 5/1/2003
> Time: 8:03:04 AM
> User: NT AUTHORITY\SYSTEM
> Computer: SERVER
> Description:
> Pre-authentication failed:
> User Name: User1
> User ID: SERVER\User1
> Service Name: krbtgt/SERVER
> Pre-Authentication Type: 0x2
> Failure Code: 0x18
> Client Address: 10.0.0.111
>
> Thanks,
>
> Eric
>
> .
>
>

Next message: sgopus: "My Security and Hacking Book"

Previous message: george: "E-Mails"
In reply to: chhiperic: "krbtgt failure logs"
Next in thread: Eric Fitzgerald [MSFT]: "Re: krbtgt failure logs"
Reply: Eric Fitzgerald [MSFT]: "Re: krbtgt failure logs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Event ID 676, Account is locked out
... On our domain controllers we are getting a huge amount of failure audit ... This is causing the administrator account to ... Event Source: Security ... Event Category: Account Logon ...
(microsoft.public.win2000.security)
Random Account Lockout
... Security Logs on domain controlers show... ... Event Type: Failure Audit ... Event Category: Account Logon ...
(microsoft.public.windows.server.networking)
Re: Failure Audits in the secruity log Event Viewer
... > - Logon failure auditing is enabled. ... > despite the fact that the machine is using a local account. ... > Event Type: Failure Audit ... > Security Event 529 Is Logged for Local User Accounts ...
(microsoft.public.windowsxp.security_admin)
Re: Re-occuring Administrator User Account Lockout
... > The account locked out again this morning. ... The Security log showed 3 ... > Event Category: Account Logon ... >> Event Type: Failure Audit ...
(microsoft.public.win2000.active_directory)
Risks Digest 25.73
... German electronic health card system failure ... Risks of the Cloud: Liquid Motors ... Oakland 2010, IEEE Symposium on Security and Privacy, CFP ... A friend's facebook account was hacked recently (a neat little short-term ...
(comp.risks)