Re: Event ID: 673 - Failure Audit
From: MikeH (MikeH_at_discussions.microsoft.com)
Date: 05/24/05
- Next message: Andy Lowe: "Changing domain password on large number of servers"
- Previous message: Ben: "Re: Event ID: 673 - Failure Audit"
- In reply to: Ben: "Re: Event ID: 673 - Failure Audit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 24 May 2005 02:41:02 -0700
Ben, something else to review.
In my situation, I am doing complete auditing.
I have a service account (_ServiceAccount) that connects to a DC and then
passes the credentials of a user account to log that user in.
I first see the Kerberos error w/hex 0x19 indicated.
Then I see the failure audit for the 0x4081000 Service Ticket request, and
this is on the _ServiceAccount
Immediately following I see a Service Ticket Request that is successful for
the same _ServiceAccount
You may want to check and see if this is happening in your case. It's very
possible that a first attempt for the service ticket failed, and if you're
auditing failures (obviously you must be) you'll see EVERY failure - and
could miss the forrest for the trees (sorry for the pun). Your service
account may be working fine.
"Ben" wrote:
> Community Message Not Available
- Next message: Andy Lowe: "Changing domain password on large number of servers"
- Previous message: Ben: "Re: Event ID: 673 - Failure Audit"
- In reply to: Ben: "Re: Event ID: 673 - Failure Audit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
