Re: Windows 2003 Pre-authentication failed



Your dcdiag is reporting Kerberos errors, but I am unable to find specifics
on Microsoft. Go into the System Event Log and see if you can find any
specific Event Id's for the errors listed below.


I believe you are getting an Event Id 3 error.

http://www.eventid.net/display.asp?eventid=3&eventno=3536&source=Kerberos&phase=1

EventId 3 may be being triggered by Kerberos Logging if you have that
enabled, but there are other Event errors, that I am unsure of the Event Id.

Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x825A0011
Time Generated: 04/24/2007 21:26:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/24/2007 21:26:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/24/2007 21:26:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 04/24/2007 21:26:41
(Event String could not be retrieved)
An Error Event occured. EventID: 0x80000003
Time Generated: 04/24/2007 21:33:04
Event String: A Kerberos Error Message was received:
on logon session

Client Time:
Server Time: 20:33:4.0000 4/24/2007 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: INTERNAL.TEECE.CO.UK
Server Name:
host/teeceserver.internal.teece.co.uk
Target Name:
host/teeceserver.internal.teece.co.uk@xxxxxxxxxxxxxxxxxxxx
Error Text:
File: 9
Line: ae0

Error Data is in record data.
An Error Event occured. EventID: 0x80000003
Time Generated: 04/24/2007 21:48:05
Event String: A Kerberos Error Message was received:
on logon session

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Andrew Teece" <enate@xxxxxxxxxxxxx> wrote in message
news:u$q$KmrhHHA.4064@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the help Paul

I have already run and looked into numerous articles around diagnosing
issues with DCDIAG, all to no avail :-(

Attached are the reports though.

I have also tried resetting the machine password with netdom


Regards



Andrew



"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:O$Q5jVrhHHA.4516@xxxxxxxxxxxxxxxxxxxxxxx
When you have the error try the following and post anything you don't
understand:

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

**Note: Using the /E switch in dcdiag will run diagnostics against ALL
dc's in the forest. If you have significant numbers of DC's this test
could generate significant detail and take a long time. You also want to
take into account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be
output in notepad text files that pop up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Andrew Teece" <enate@xxxxxxxxxxxxx> wrote in message
news:uTQ79QrhHHA.5008@xxxxxxxxxxxxxxxxxxxxxxx
Hi
I have a domain controller that has ALOT (read 4 times / minute) of
"Failure Audit" entries in the Security log.

The entries are of ID 675, Category Account Logon. The message is

"Pre-authentication failed:"
Failure Code: 0x19


If I demote the server to just be a member server it is fine. But if
i
repromote the server the errors return.



Regards




Andrew Teece
Technical Architect





.



Relevant Pages

  • Re: Interactive logon message
    ... "Meinolf Weber" wrote: ... Netdiag looks normal, dcdiag also, the entries you see, are from the system ... EventID: 0x00000457 ... (Event String could not be retrieved) ...
    (microsoft.public.windows.server.active_directory)
  • Re: Interactive logon message
    ... Netdiag looks normal, dcdiag also, the entries you see, are from the system log from event viewer. ... EventID: 0x00000457 ... (Event String could not be retrieved) ...
    (microsoft.public.windows.server.active_directory)
  • RE: Missing Event IDs and Errors following DCPROMO
    ... Can you post the full output of the dcdiag /v results please. ... Does sysvol and netlogon get shared out? ... EventID: 0x00000457 ... (Event String could not be retrieved) ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD 2000 to 2003 R2
    ... When I run dcdiag /v I 've got some errors from the test in systemlog: ... EventID: 0x00000457 ... (Event String could not be retrieved) ... Might also want to do some basic forest/domain health checks with dcdiag /c ...
    (microsoft.public.windows.server.migration)
  • DCDIAG Error
    ... then started to run a dcdiag and got some DNS errors which I think I fixed. ... EventID: 0x0000025C ... (Event String could not be retrieved) ...
    (microsoft.public.windows.server.active_directory)