Re: Security Log Help
From: Johnse (Johnse_at_discussions.microsoft.com)
Date: 04/27/05
- Next message: John M: "Microsoft Baseline Security Analyzer (MBSA) 1.2.1"
- Previous message: timcapp: "Event ID 577 & 578 are filling Security Event Logs"
- In reply to: Steven L Umbach: "Re: Security Log Help"
- Next in thread: Steven L Umbach: "Re: Security Log Help"
- Reply: Steven L Umbach: "Re: Security Log Help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 27 Apr 2005 12:53:39 -0700
I ran netdiag & dcdiag & no errors reported. IP addresses for DNS are all
correct. Should the pdc point only to itself for DNS? Old server is out of
DNS & new servers are listed. I'll set other DNS servers to point to pdc
first & let you know if it fixes. Any other ideas if this doesn't fix the
problem?
"Steven L Umbach" wrote:
> Try running the support tools netdiag and then dcdiag on your domain
> controller to see if it reports any pertinent problems that may help in a
> solution and verify that your domain controllers have the correct IP
> addresses for preferred dns servers in their tcp/ip properties and that the
> "old" domain controller IP address is not listed. Generally the pdc fsmo
> should point to itself as it's preferred dns server and other domain
> controllers for the domain should point to the pdc fsmo first and then
> themselves. The old domain controller's IP should also be removed from DHCP
> scopes and verified that the correct domain controllers IP addresses are
> listed.--- Steve
>
>
> "Johnse" <Johnse@discussions.microsoft.com> wrote in message
> news:135F66D0-80B0-4070-B564-E2F334716710@microsoft.com...
> > As soon as I retired my previous PDC I started getting errors in my
> > security
> > eventy log & I don't know why. Help!
> > I followed KB255690 for transferring FSMO roles, KB295419 for transferring
> > the Global Catalog. My other event logs are clean. It's just the
> > security
> > log that gets all the errors.
> >
> > Event ID: 537
> > Source: Security
> > Type: Failure
> > User: NT AUTHORITY\SYSTEM
> > Category: Logon/Logoff
> > Reason: An unexpected error occurred during logon
> > Username:
> > Domain:
> > Logon Type: 3
> > Logon Process: Kerbos
> > Authentication Package: Kerbos
> > Workstation Name: -
> >
> > Event ID: 675
> > Source: Security
> > Type: Failure
> > User: NT AUTHORITY\SYSTEM
> > Category: Logon/Logoff
> > Reason: An unexpected error occurred during logon
> > Username:
> > Domain:
> > Logon Type: 3
> > Logon Process: Kerbos
> > Authentication Package: Kerbos
> > Workstation Name: -
> >
> > Event ID: 675
> > Source: Security
> > Type: Failure
> > User: NT AUTHORITY\SYSTEM
> > Category: Account Logon
> > Description: Pre-authentication failed
> > Username: juser
> > User ID: DOMAIN\juser
> > Service Name: krbtgt/DOMAIN
> > Pre-Authentication Type: 0x2
> > Failure Code: 0x18
> > Client address: 10.0.0.127
> >
> >
> > Event ID: 681
> > Source: Security
> > Type: Failure
> > User: NT AUTHORITY\SYSTEM
> > Category: Account Logon
> > Description: The logon to account: supervisor by
> > MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: SERVER2 failed.
> > The
> > error code was: 3221225578
> >
> >
> >
> >
>
>
>
- Next message: John M: "Microsoft Baseline Security Analyzer (MBSA) 1.2.1"
- Previous message: timcapp: "Event ID 577 & 578 are filling Security Event Logs"
- In reply to: Steven L Umbach: "Re: Security Log Help"
- Next in thread: Steven L Umbach: "Re: Security Log Help"
- Reply: Steven L Umbach: "Re: Security Log Help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
