Re: Pre-authentication failed for Windows 2008 systems



Hello Brad,

The ipconfigs looks ok. You can check it yourself but at least post a netdiag, will be smaller.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


Domain Controller 1 IPCONFIG
==============================
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc1
Primary Dns Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.net
Ethernet adapter Main Connection (Public):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-13-72-F8-27-0C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.103
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.33.3
DNS Servers . . . . . . . . . . . : 192.168.33.104
192.168.33.103
Domain Controller 2 IPCONFIG
==============================
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc2
Primary Dns Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.net
Ethernet adapter Main Connection (Public):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-13-72-F8-28-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.104
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.33.3
DNS Servers . . . . . . . . . . . : 192.168.33.104
192.168.33.103
Windows 2008 Server IP Config
==============================
Host Name . . . . . . . . . . . . : TS1
Primary Dns Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.net
Ethernet adapter Local Area Connection 1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
GigE
Physical Address. . . . . . . . . : 00-1E-4F-2F-64-E3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::c883:19c6:61c0:8195%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.33.39(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.33.3
DNS Servers . . . . . . . . . . . : 192.168.33.103
192.168.33.104
NetBIOS over Tcpip. . . . . . . . : Enabled
netdiag /v
=============================
Are you sure you want me to post this? This command returned over 4500
lines
of text.....
Thanks
Brad
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6619d3d8cb60300fc771a6@xxxxxxxxxxxxxxxxxxxxxxx

Hello Brad,

Make sure the machine is correct registered in your DNS zones. Please
post an unedited ipconfig /all from the existing DC's and the 2008
machine with the error.

Assuming that you use private ip ranges there is noproblem to post
them here. 10.x.x.x 172.x.x.x or 192.168.x.x are not accessible form
outside.

Also run netdiag /v and post the output also.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Below is the output of the event log. Obviously I scrubbed some of
the data below (such as the PC names, domain controller names,
domain name, ip addresses and other sensitive information). But the
event ID, and failure codes are still as-is etc.

Thanks
Brad
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 2/18/2009
Time: 12:06:19 AM
User: NT AUTHORITY\SYSTEM
Computer: DOMAINCONTROLLER
Description:
Pre-authentication failed:
User Name: WIN2K8SERVER$
User ID: DOMAIN\WIN2K8SERVER$
Service Name: krbtgt/DOMAIN.NET
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 123.123.123.123
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6619b1c8cb5f688339fde0@xxxxxxxxxxxxxxxxxxxxxxx

Hello Brad,

Please post the complete event viewer entry.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
We are seeing errors similar to the following on our domain
controllers for all of our Windows 2008 (x86 and x64) servers:

Pre-authentication failed:
User Name: SERVERNAME$
User ID: DOMAIN\SERVERNAME$
Service Name: krbtgt/DOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: SERVER IP
Our active directory domain consists of two windows 2003 R2 x64
domain
controllers (if that matters).
I've done some searching online and found several other people
seeing similar errors with Windows Vista but no really good
explanation of what's causing them. The best I can find is a work
around which suggests
1. On the domain controller, run "adsiedit.msc"
2. Locate the computer accounts DOMAIN\EXC$ under the Domain
partition.
3. Right-click on "DOMAIN\EXC$", click Properties.
4. Then locate the attribute "UserAccountControl" in the
Attributes
list.
Click Edit.
5. Modify the value to original value plus 4194304. For example,
if
the
original value is 512, the new value should be 512+4194304=4194816
6. Click OK, click Apply, and click OK.
7. Quit ADSI Edit. Then you can check if the event 675 stops for
these
accounts.
I've done this and it does seem to resolve the issue but I don't
want
to be having to do this for each and every new Windows 2008 server
we
introduce into active directory. Surely there must be some logical
explanation for what's causing these entries and how we can stop
them
without the elaborate work around above?
If anyone has any suggestions or ideas, please let me know.
Thanks
Brad


.



Relevant Pages

  • Site-tosite VPN Issue
    ... Windows Server 2003 domain controller ... Mixture of PCs running Windows 2000 Profressional with SP3 and Windows XP ... the VPN to the Windows Server 2003 domain controller. ... 12.7MB file from the server to the client PC. ...
    (microsoft.public.windows.server.networking)
  • RE: Internet Connection Wizard failing at Firewall Config and Secu
    ... You can use the Dcdiag.exe (Domain Controller Diagnostic Tool) included ... in Windows Support Tools to verify the AD status. ... Windows Server 2003 Active Directory Diagnostics, ...
    (microsoft.public.windows.server.sbs)
  • RE: Provide feedback to DC promotion/replacement
    ... one of the is reffering to a Windows 2000 ... As i sad in the previous posts, to rename a domain controller ... controllers in the domain must be running Windows Server 2003. ... a global catalog. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Pre-authentication failed for Windows 2008 systems
    ... Failure Code: 0x19 ... Client Address: SERVER IP ... Our active directory domain consists of two windows 2003 R2 x64 ... On the domain controller, ...
    (microsoft.public.windows.server.security)
  • Re: Cant Get DC List W32tm /monitor
    ... Windows IP Configuration ... Connection-specific DNS Suffix. ... 'The server process could not be started because the configured identity ...
    (microsoft.public.windows.server.general)