Re: Kerberos Errors in the Audit Log.

From: Steven L Umbach (n9rou_at_comcast.net)
Date: 09/20/03


Date: Sat, 20 Sep 2003 00:23:45 GMT

I don't know offhand, but I would run netdiag and dcdiag on the domain controllers and netdiag on one of the workstations to see if any failed tests are reported that may provide a clue. Time synch is also very important, as by default Kerberos only allows a five-minute skew, but the W32 time service should be managing that. --- Steve

  "Rob W" <nospam@myinbox.com> wrote in message news:%23mfSVGvfDHA.944@TK2MSFTNGP11.phx.gbl...
  Hi.

  I turned on logon auditing recently on our domain and I have been getting dozens of these errors every day since then. Basically every computer in our building shows up in the log with one of these errors; however, Microsoft has been no help explaining what is wrong exactly. Beats me. Everyone is able to log in and use the network. By the errors, I am assuming that we are not able to authenticate using Kerberos. But the errors don't tell me much.

  Any Ideas?

  Event Type: Failure Audit
  Event Source: Security
  Event Category: Account Logon
  Event ID: 677
  Date: 9/17/2003
  Time: 9:53:33 AM
  User: NT AUTHORITY\SYSTEM
  Computer: (Domain Controller)
  Description:
  Service Ticket Request Failed:
  User Name:
  User Domain:
  Service Name: krbtgt/(Company Domain)
  Ticket Options: 0x2
  Failure Code: 0x20
  Client Address: 192.168.1.78

  Event Type: Failure Audit
  Event Source: Security
  Event Category: Account Logon
  Event ID: 675
  Date: 9/17/2003
  Time: 7:25:25 AM
  User: NT AUTHORITY\SYSTEM
  Computer: (Domain Controller)
  Description:
  Pre-authentication failed:
  User Name: (User Name)
  User ID: (Domain\User Name)
  Service Name: krbtgt/(Domain Name)
  Pre-Authentication Type: 0x2
  Failure Code: 0x25
  Client Address: 192.168.1.76

  Event Type: Failure Audit
  Event Source: Security
  Event Category: Logon/Logoff
  Event ID: 537
  Date: 9/17/2003
  Time: 5:41:34 AM
  User: NT AUTHORITY\SYSTEM
  Computer: (Domain Controller)
  Description:
  Logon Failure:
  Reason: An unexpected error occurred during logon
  User Name:
  Domain:
  Logon Type: 3
  Logon Process: Kerberos
  Authentication Package: Kerberos
  Workstation Name: -

  --
  Rob Wilson, N+
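
An added example, not part of either post: the Failure Code values in events 675 and 677 are Kerberos error numbers from RFC 4120, where 0x20 is KRB_AP_ERR_TKT_EXPIRED and 0x25 is KRB_AP_ERR_SKEW (clock skew too great). The Python sketch below parses events exported as text in the layout shown above, names each code, and lists the clients reporting skew; the function names and the trimmed sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Subset of the Kerberos error codes defined in RFC 4120, section 7.5.9.
KRB_ERRORS = {0x18: "KDC_ERR_PREAUTH_FAILED", 0x20: "KRB_AP_ERR_TKT_EXPIRED",
              0x25: "KRB_AP_ERR_SKEW"}
FIELD = re.compile(r"^[ \t]*([A-Za-z /-]+?):[ \t]*(.*)$", re.M)

# Constructed sample: the 677 and 675 events from the post, trimmed to key fields.
SAMPLE = """\
Event Type: Failure Audit
Event ID: 677
Service Ticket Request Failed:
Service Name: krbtgt/(Company Domain)
Failure Code: 0x20
Client Address: 192.168.1.78

Event Type: Failure Audit
Event ID: 675
Pre-authentication failed:
User Name: (User Name)
Failure Code: 0x25
Client Address: 192.168.1.76
"""

def parse_events(text):
    """Split an exported log on 'Event Type:' and return one field dict per event."""
    events = []
    for block in re.split(r"(?m)^(?=[ \t]*Event Type:)", text):
        fields = {k.strip(): v.strip() for k, v in FIELD.findall(block)}
        if "Event ID" in fields:
            events.append(fields)
    return events

def triage(events):
    """Group 675/677 failures by client address and name each failure code."""
    by_client = defaultdict(set)
    for ev in events:
        if ev["Event ID"] in ("675", "677") and "Failure Code" in ev:
            code = int(ev["Failure Code"], 16)
            name = KRB_ERRORS.get(code, "UNKNOWN_0x%x" % code)
            by_client[ev.get("Client Address", "?")].add(name)
    return {client: sorted(names) for client, names in by_client.items()}

def skewed_clients(summary):
    """Clients whose failures include clock skew; check their time sync first."""
    return sorted(c for c, names in summary.items() if "KRB_AP_ERR_SKEW" in names)

if __name__ == "__main__":
    print(triage(parse_events(SAMPLE)))
```
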


