Re: Account logon failure 673
From: Robert J (RobertJ_at_discussions.microsoft.com)
Date: 01/25/05
- Next message: Roger Abell: "Re: Recovering Encrypted File on WIndows XP workstation"
- Previous message: Michael D. Ober: "Re: View Open Ports"
- In reply to: Michiko Short [MSFT]: "Re: Account logon failure 673"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Jan 2005 12:09:02 -0800
Michiko,
Thanks for the information. I will check out the resources you indicated.
We are not trying to do constrained delegation, we are using win 2003 server.
"Michiko Short [MSFT]" wrote:
> Robert,
>
> Event 673 is the Service Ticket Request event (for more info see the event
> resource below or Kerb Authn Tech Ref Tools & Settings). Looks like you have
> a failure code 0xD - KDC_ERR_BADOPTION: KDC cannot accommodate requested
> option (See TS Kerb Err WP for details). This is an error that typically
> does not cause you any problems since if the TGT is about to expire your
> system will request a new one. However, if you are trying to use constrained
> delegation in Windows 2000 then you should rethink your scenario since
> Windows 2000 does not support constrained delegation. If you want
> constrained delegation then you need to use Windows Server 2003 Active
> Directory (domain).
>
> Does that answer your question?
>
> Resources:
>
> Kerberos Authentication in Windows Server 2003 web page has lots of Kerberos
> Authentication resources:
> http://www.microsoft.com/kerberos
>
> Troubleshooting Kerberos Errors whitepaper:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
>
> Our resource Windows Server 2003 Events and Errors is off the TechNet Menu
> under Troubleshooting & Support as the Events and Errors Message Center. It
> has the following URL:
> http://www.microsoft.com/technet/support/ee/search.aspx?DisplayName=Windows%20Server%202003&ProdName=Windows%20Operating%20System&MajorMinor=5.2&LCID=1033
>
> Below is the entry for your error:
> http://www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=Security&EvtID=673&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.2
>
> --
> Michiko Short [MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Please do not send e-mail directly to this alias. This alias is for
> newsgroup purposes only.
>
> "Robert J" <RobertJ@discussions.microsoft.com> wrote in message
> news:3A2A7DEF-0438-46B7-8795-5721CB7A336F@microsoft.com...
> > We have 2 2003 domain controllers, both are recording a logon failure, id
> > 673
> > with the following data
> >
> > User: NT Authority/system
> > service name: host/myserver.domain name
> > Ticket options 0X40830000
> > Client address 127.0.0.1
> > Failure code 0XD
> >
> > I haven't found any help in the knowledge base. Any help would be
> > appreciated.
> >
> > Thanks, Robert
>
>
>
- Next message: Roger Abell: "Re: Recovering Encrypted File on WIndows XP workstation"
- Previous message: Michael D. Ober: "Re: View Open Ports"
- In reply to: Michiko Short [MSFT]: "Re: Account logon failure 673"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
