Re: Failed Security Audit

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/07/04

    Date: Wed, 06 Oct 2004 22:15:31 GMT
    
    

    If the computers generating these events are downlevel operating systems
    such as NT4.0, these errors are normal, as they cannot use Kerberos. From
    your description, though, I would first check your DNS configuration for the
    domain, in that the domain controllers must be pointing to only themselves or
    other W2K domain controllers for their preferred DNS server, and the domain
    computers must be pointing ONLY [never an ISP DNS server] to a domain
    controller running AD DNS for the domain as their preferred DNS server. The
    link below explains this more.

    http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382 --
    Active Directory DNS FAQ.

    Also look in Event Viewer on your domain controllers and on the domain
    computer that caused this event to see if any pertinent errors are recorded.
    If you have an IPsec policy in the domain, domain controllers must be exempt
    by their IP addresses with a permit filter action. There are a couple of
    support tools that can help. Run netdiag on at least the PDC FSMO domain
    controller and then dcdiag on it to see if any pertinent failed
    tests/errors/warnings show up. Also run netdiag on the domain computer that
    caused this failure audit. Many or most errors found are due to DNS or
    networking misconfiguration.

    --- Steve

    http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 -- netdiag
    and how to install support tools.
    http://www.eventid.net/display.asp?eventid=677&eventno=4&source=Security&phase=1
     -- results from EventId.net for Event ID 677

    "Scarebus" <scarebus@hotmail.com> wrote in message
    news:eQ$ByT%23qEHA.3976@TK2MSFTNGP10.phx.gbl...
    > The Domain Controller's (Win 2k) Security Event log is constantly giving
    > the following Failure warning for each Workstation that is in the network:
    >
    > Event Type: Failure Audit
    > Event Source: Security
    > Event Category: Account Logon
    > Event ID: 677
    > Date: 06/10/2004
    > Time: 17:23:28
    > User: NT AUTHORITY\SYSTEM
    > Computer: SERVER
    > Description:
    > Service Ticket Request Failed:
    > User Name: STATION1$
    > User Domain: FR.COM
    > Service Name: krbtgt/FR.COM
    > Ticket Options: 0x2
    > Failure Code: 0x20
    > Client Address: 192.168.2.8
    >
    > I've tried removing each Workstation from the Domain and rejoining - it
    > initially works but after a short while the Failure messages start again.
    >
    > Where do I start to look?
    >
    > Gerry
    >
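
Added example, not part of either post: a small Python parser that decodes the `Failure Code` and `Ticket Options` fields of Event ID 677 descriptions and counts failures per client address, which helps when triaging a log full of these audits. The code names and flag bits are taken from RFC 4120 (0x20 is KRB_AP_ERR_TKT_EXPIRED, option 0x2 is the renew flag); the function names are hypothetical, the first sample event reuses the fields quoted above, and the second is constructed.

```python
import re
from collections import Counter

# Subset of RFC 4120 error codes; the event description prints them in hex.
KRB_ERRORS = {
    0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 0x07: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    0x18: "KDC_ERR_PREAUTH_FAILED", 0x1F: "KRB_AP_ERR_BAD_INTEGRITY",
    0x20: "KRB_AP_ERR_TKT_EXPIRED", 0x25: "KRB_AP_ERR_SKEW",
}
# RFC 4120 KDCOptions flag numbers; bit 0 is the most significant of 32 bits.
KDC_OPTION_BITS = {1: "forwardable", 2: "forwarded", 3: "proxiable", 8: "renewable",
                   27: "renewable-ok", 28: "enc-tkt-in-skey", 30: "renew", 31: "validate"}
FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]*(\S.*?)[ \t\r]*$", re.M)

# Constructed sample input: the first event uses the values quoted in the post,
# the second (STATION2$, 0x25, 192.168.2.9) is invented for illustration.
TEMPLATE = """Service Ticket Request Failed:
  User Name: {user}
  User Domain: FR.COM
  Service Name: krbtgt/FR.COM
  Ticket Options: 0x2
  Failure Code: {code}
  Client Address: {addr}"""
SAMPLE_EVENTS = [TEMPLATE.format(user="STATION1$", code="0x20", addr="192.168.2.8"),
                 TEMPLATE.format(user="STATION2$", code="0x25", addr="192.168.2.9")]

def parse_677(text):
    """Decode one Event ID 677 description into named fields."""
    f = {k.strip(): v for k, v in FIELD.findall(text)}
    code = int(f["Failure Code"], 16)
    opts = int(f["Ticket Options"], 16)
    return {
        "account": f["User Name"],
        "service": f["Service Name"],
        "client": f["Client Address"],
        "failure": KRB_ERRORS.get(code, "unknown (0x%X)" % code),
        # Flag n is set when bit (31 - n), counted from the least significant, is 1.
        "options": [n for b, n in sorted(KDC_OPTION_BITS.items()) if opts & (1 << (31 - b))],
    }

def summarize(events):
    """Count failures per (client address, decoded failure code)."""
    return Counter((e["client"], e["failure"]) for e in map(parse_677, events))

if __name__ == "__main__":
    for (client, failure), n in summarize(SAMPLE_EVENTS).items():
        print(client, failure, n)
```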

