Re: Windows 2003 Pre-authentication failed

From: "Andrew Teece" <enate@xxxxxxxxxxxxx>
Date: Wed, 25 Apr 2007 20:38:41 +0100

Yes, I forgot I turned on Kerberos logging while bashing my head against this over the last few weeks.

I am getting 2 EventID3 events in the system event log.

A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 19:18:46.0000 4/25/2007 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: INTERNAL.TEECE.CO.UK
Server Name: host/teeceserver.internal.teece.co.uk
Target Name: host/teeceserver.internal.teece.co.uk@xxxxxxxxxxxxxxxxxxxx
Error Text:
File: 9
Line: ae0
Error Data is in record data.

AND

A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 19:32:48.0000 4/25/2007 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error:
Client Realm:
Client Name:
Server Realm: INTERNAL.TEECE.CO.UK
Server Name: teeceserver.internal.teece.co.uk
Target Name: teeceserver.internal.teece.co.uk@xxxxxxxxxxxxxxxxxxxx
Error Text:
File: 9
Line: ae0
Error Data is in record data.

Regards

Andrew

"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message news:OdteDqzhHHA.4704@xxxxxxxxxxxxxxxxxxxxxxx

Your dcdiag is reporting Kerberos errors, but I am unable to find specifics on Microsoft. Go into the System Event Log and see if you can find any specific Event Id's for the errors listed below.

I believe you are getting an Event Id 3 error.

http://www.eventid.net/display.asp?eventid=3&eventno=3536&source=Kerberos&phase=1

EventId 3 may be being triggered by Kerberos Logging if you have that enabled, but there are other Event errors, that I am unsure of the Event Id.

Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x825A0011
Time Generated: 04/24/2007 21:26:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/24/2007 21:26:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/24/2007 21:26:37
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 04/24/2007 21:26:41
(Event String could not be retrieved)
An Error Event occured. EventID: 0x80000003
Time Generated: 04/24/2007 21:33:04
Event String: A Kerberos Error Message was received:
on logon session

Client Time:
Server Time: 20:33:4.0000 4/24/2007 Z
Error Code: 0xd KDC_ERR_BADOPTION
Extended Error: 0xc00000bb KLIN(0)
Client Realm:
Client Name:
Server Realm: INTERNAL.TEECE.CO.UK
Server Name:
host/teeceserver.internal.teece.co.uk
Target Name:
host/teeceserver.internal.teece.co.uk@xxxxxxxxxxxxxxxxxxxx
Error Text:
File: 9
Line: ae0

Error Data is in record data.
An Error Event occured. EventID: 0x80000003
Time Generated: 04/24/2007 21:48:05
Event String: A Kerberos Error Message was received:
on logon session

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Andrew Teece" <enate@xxxxxxxxxxxxx> wrote in message news:u$q$KmrhHHA.4064@xxxxxxxxxxxxxxxxxxxxxxx
Thanks for the help Paul

I have already run and looked into numerous articles around diagnosing
issues with DCDIAG, all to no avail :-(

Attached are the reports though.

I have also tried resetting the machine password with netdom

Regards

Andrew

"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:O$Q5jVrhHHA.4516@xxxxxxxxxxxxxxxxxxxxxxx

When you have the error try the following and post anything you don't
understand:

Run diagnostics against your Active Directory domain.

If you don't have the tools installed, install them from your server
install disk.
d:\support\tools\setup.exe

Run dcdiag, netdiag and repadmin in verbose mode.
-> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
-> netdiag.exe /v > c:\netdiag.log (On each dc)
-> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt

**Note: Using the /E switch in dcdiag will run diagnostics against ALL
dc's in the forest. If you have significant numbers of DC's this test
could generate significant detail and take a long time. You also want to
take into account slow links to dc's will also add to the testing time.

If you download a gui script I wrote it should be simple to set and run
(DCDiag and NetDiag). It also has the option to run individual tests
without having to learn all the switch options. The details will be
output in notepad text files that pop up automagically.

The script is located in the download section on my website at
http://www.pbbergs.com

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Andrew Teece" <enate@xxxxxxxxxxxxx> wrote in message
news:uTQ79QrhHHA.5008@xxxxxxxxxxxxxxxxxxxxxxx

Hi
I have a domain controller that has ALOT (read 4 times / minute) of
"Failure Audit" entries in the Security log.

The entries are of ID 675, Category Account Logon. The message is

"Pre-authentication failed:"
Failure Code: 0x19

If I demote the server to just be a member server it is fine. But if i
repromote the server the errors return.

Regards

Andrew Teece
Technical Architect

Follow-Ups:
- Re: Windows 2003 Pre-authentication failed
  - From: Paul Bergson [MVP-DS]

References:
- Windows 2003 Pre-authentication failed
  - From: Andrew Teece
- Re: Windows 2003 Pre-authentication failed
  - From: Paul Bergson [MVP-DS]
- Re: Windows 2003 Pre-authentication failed
  - From: Andrew Teece
- Re: Windows 2003 Pre-authentication failed
  - From: Paul Bergson [MVP-DS]

Prev by Date: Changes in setup/configuration for VPN and IPSec??
Next by Date: Re: Windows 2003 Pre-authentication failed
Previous by thread: Re: Windows 2003 Pre-authentication failed
Next by thread: Re: Windows 2003 Pre-authentication failed
Index(es):
- Date
- Thread

Relevant Pages

Re: What are the best general things to do after a dirty shutdown (Server SBS)
... Microsoft Windows Small Business Server 2003 Best Practices Analyzer ... After that, please post any event log errors, just the EventID# and Source names, not the whole error message. ... (Event String (event log = Directory Service) ...
(microsoft.public.windows.server.sbs)
Re: Advice Needed on Migration
... For the new DC/DNS i would only use the existing DC/DNS 25.14.168.11 as preferred until AD/DNS replication is done complete, after that change the ip to itself as preferred and use the other DNS server as secondary. ... EventID: 0xC0001B78 ... (Event String could not be retrieved) ... Starting test: CrossRefValidation ...
(microsoft.public.windows.server.migration)
Re: Secondary domain controller can not talk to SBS server
... I have an SBS server and another domain controller at a remote site. ... The replication generated an error: ... EventID: 0x8000061E ... Event String: All domain controllers in the following site ...
(microsoft.public.windows.server.sbs)
Re: Replication Issues
... other dc or its dns server? ... What is your replication topology etc? ... EventID: 0x8000061E ... Event String: All domain controllers in the following site ...
(microsoft.public.windows.server.active_directory)
Re: Windows 2008 Additional DC
... Directory Server Diagnosis ... EventID: 0x8000061E ... Event String: ... Running partition tests on: ForestDnsZones ...
(microsoft.public.windows.server.active_directory)