Kerberos Errors.

Discussion in 'MCSE' started by Rob, Sep 21, 2003.

  1. Rob

    Rob Guest

    I recently turned on logon auditing on our domain controller
    and I have been getting dozens of these errors every day since then.
    Basically every computer in our building shows up in the log with one
    of these errors, and also the default share for each user as well,
    for example ROB$; however, Microsoft has been no help explaining what
    is wrong exactly. Beats me. Everyone is able to log in and use the
    network. By the errors, I am assuming that we are not able to
    authenticate using Kerberos but are able to authenticate using NTLM.
    All of the computers are Win2k or WinXP. We were on a peer to peer
    previously. I have no idea why these errors are coming up. Perhaps I
    need to change domain to Native Mode? No idea. But I do need to get
    these to stop showing. I made the mistake of letting my boss see the
    log and he knows nothing about networking or Server OS's but he is
    pressing me for an explanation. Examples of the errors are below.

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Account Logon
    Event ID: 677
    Date: 9/17/2003
    Time: 9:53:33 AM
    User: NT AUTHORITY\SYSTEM
    Computer: (Domain Controller)
    Description:
    Service Ticket Request Failed:
    User Name:
    User Domain:
    Service Name: krbtgt/(Company Domain)
    Ticket Options: 0x2
    Failure Code: 0x20
    Client Address: 192.168.1.78


    Event Type: Failure Audit
    Event Source: Security
    Event Category: Account Logon
    Event ID: 675
    Date: 9/17/2003
    Time: 7:25:25 AM
    User: NT AUTHORITY\SYSTEM
    Computer: (Domain Controller)
    Description:
    Pre-authentication failed:
    User Name: (User Name)
    User ID: (Domain\User Name)
    Service Name: krbtgt/(Domain Name)
    Pre-Authentication Type: 0x2
    Failure Code: 0x25
    Client Address: 192.168.1.76
     
    Rob, Sep 21, 2003
    #1

  2. Rob

    MCSE World Guest

    675 means that pre-authentication failed.
    677 means that a TGS ticket was not issued.

    Some information from MS:
    "Domain logon attempt failures. Event IDs 675 and 677 indicate failed
    attempts to logon to the domain.
    a. Time Synchronization issues. If a client computer's time differs from
    the authenticating domain controller's by more than five minutes (by
    default), Event ID 675 will appear in the security log."

    See
    http://www.microsoft.com/technet/security/prodtech/windows/secwin2k/09detect.asp

    Also, try searching a bit more through the MSKB and see what you can turn
    up...

    Are you having any problems with account lockouts?

    Best,
    Will
    www.mcseworld.com




    "Rob" <> wrote in message
    news:...
    > I recently turned on logon auditing on our domain controller
    > and I have been getting dozens of these errors every day since then.
    > Basically every computer in our building shows up in the log with one
    > of these errors and also the default share for each user as well
    > example ROB$, however Microsoft has been no help explaining what is
    > wrong exactly. Beats me. Everyone is able to login and use the
    > network. By the errors, I am assuming that we are not able to
    > authenticate using Kerberos but are able to authenticate using NTLM
    > all of the computers are Win2k or WinXP. We were on a peer to peer
    > previously. I have no idea why these errors are coming up. Perhaps I
    > need to change domain to Native Mode? No Idea. But I do need to get
    > these to stop showing. I made the mistake of letting my boss see the
    > log and he knows nothing about networking or Server OS's but he is
    > pressing me for an explanation. Examples of the errors are below.
    >
    > Event Type: Failure Audit
    > Event Source: Security
    > Event Category: Account Logon
    > Event ID: 677
    > Date: 9/17/2003
    > Time: 9:53:33 AM
    > User: NT AUTHORITY\SYSTEM
    > Computer: (Domain Controller)
    > Description:
    > Service Ticket Request Failed:
    > User Name:
    > User Domain:
    > Service Name: krbtgt/(Company Domain)
    > Ticket Options: 0x2
    > Failure Code: 0x20
    > Client Address: 192.168.1.78
    >
    >
    > Event Type: Failure Audit
    > Event Source: Security
    > Event Category: Account Logon
    > Event ID: 675
    > Date: 9/17/2003
    > Time: 7:25:25 AM
    > User: NT AUTHORITY\SYSTEM
    > Computer: (Domain Controller)
    > Description:
    > Pre-authentication failed:
    > User Name: (User Name)
    > User ID: (Domain\User Name)
    > Service Name: krbtgt/(Domain Name)
    > Pre-Authentication Type: 0x2
    > Failure Code: 0x25
    > Client Address: 192.168.1.76
    >
     
    MCSE World, Sep 21, 2003
    #2
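
The Failure Code values in the events posted above are Kerberos error numbers from RFC 4120: 0x20 is KRB_AP_ERR_TKT_EXPIRED and 0x25 is KRB_AP_ERR_SKEW, the clock-skew condition that the quoted Microsoft text ties to Event ID 675. The following is an added example, not part of any post in this thread, that decodes those codes from exported event text and counts failures per client address; `parse_events`, `summarize` and `SAMPLE` are hypothetical names, and the third sample record is constructed.

```python
import re
from collections import Counter

# Kerberos error numbers and texts from RFC 4120 (subset seen in events 675/677).
KRB_ERRORS = {
    0x06: ("KDC_ERR_C_PRINCIPAL_UNKNOWN", "client not found in Kerberos database"),
    0x12: ("KDC_ERR_CLIENT_REVOKED", "client's credentials have been revoked"),
    0x17: ("KDC_ERR_KEY_EXPIRED", "password has expired"),
    0x18: ("KDC_ERR_PREAUTH_FAILED", "pre-authentication information was invalid"),
    0x20: ("KRB_AP_ERR_TKT_EXPIRED", "ticket expired"),
    0x25: ("KRB_AP_ERR_SKEW", "clock skew too great"),
}

# First two records use the field values posted in the thread; the third is a
# constructed repeat so the per-client count has something to add up.
SAMPLE = """
Event Type: Failure Audit
Event ID: 677
Failure Code: 0x20
Client Address: 192.168.1.78
Event Type: Failure Audit
Event ID: 675
Failure Code: 0x25
Client Address: 192.168.1.76
Event Type: Failure Audit
Event ID: 675
Failure Code: 0x25
Client Address: 192.168.1.76
"""

FIELD = re.compile(r"^\s*(Event ID|Failure Code|Client Address):\s*(\S+)", re.M)

def parse_events(text):
    """Split exported event text into records and decode each failure code."""
    events = []
    for block in re.split(r"(?m)^\s*Event Type:", text)[1:]:
        fields = dict(FIELD.findall(block))
        if "Failure Code" not in fields:
            continue  # not a Kerberos failure audit record
        code = int(fields["Failure Code"], 16)
        name, meaning = KRB_ERRORS.get(code, ("UNKNOWN", "code not in this table"))
        events.append({"event_id": int(fields.get("Event ID", 0)), "code": code,
                       "name": name, "meaning": meaning,
                       "client": fields.get("Client Address", "unknown")})
    return events

def summarize(events):
    """Count failures per (event ID, error name, client address)."""
    return Counter((e["event_id"], e["name"], e["client"]) for e in events)
```

Grouping by client address separates a single machine with a drifting clock from a failure pattern spread across every workstation.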

  3. circa Sat, 20 Sep 2003 20:56:13 -0400, in
    microsoft.public.cert.exam.mcse, Rob ()
    said,
    > I recently turned on logon auditing on our domain controller
    > and I have been getting dozens of these errors every day since then.
    > Basically every computer in our building shows up in the log with one
    > of these errors and also the default share for each user as well
    > example ROB$, however Microsoft has been no help explaining what is
    > wrong exactly. Beats me. Everyone is able to login and use the
    > network. By the errors, I am assuming that we are not able to
    > authenticate using Kerberos but are able to authenticate using NTLM
    > all of the computers are Win2k or WinXP. We were on a peer to peer
    > previously. I have no idea why these errors are coming up. Perhaps I
    > need to change domain to Native Mode? No Idea. But I do need to get
    > these to stop showing. I made the mistake of letting my boss see the
    > log and he knows nothing about networking or Server OS's but he is
    > pressing me for an explanation. Examples of the errors are below.
    >

    2000 DC?

    Laura
    --
    I am Dyslexia of Borg,
    Your ass will be laminated.
     
    Laura A. Robinson, Sep 23, 2003
    #3
  4. Rob

    Jtyc Guest

    > no it's 2000 AD

    It's 2003 you rube. Get a calendar.
     
    Jtyc, Sep 24, 2003
    #4
  5. circa Wed, 24 Sep 2003 08:25:09 +0100, in
    microsoft.public.cert.exam.mcse, billyw () said,
    >
    > no it's 2000 AD
    > > >

    > > 2000 DC?

    >

    Actually, it's 2003 AD.

    Laura
    --
    Brevity is the soul of lingerie.
    -Dorothy Parker
     
    Laura A. Robinson, Sep 24, 2003
    #5
  6. Rob

    Rob W Guest

    Right. Domain Controller is 2000 in mixed mode, even though there are no other DC's or BDC's

    --
    Rob Wilson, N+



    "billyw" <> wrote in message news:...
    no it's 2000 AD
    > >

    > 2000 DC?
    >
    > Laura
    > --
    > I am Dyslexia of Borg,
    > Your ass will be laminated.
     
    Rob W, Sep 24, 2003
    #6
  7. circa Wed, 24 Sep 2003 16:34:17 -0400, in
    microsoft.public.cert.exam.mcse, Rob W () said,
    >
    > Right. Domain Controller is 2000 in mixed mode, even though there are no other DC's or BDC's
    >

    Actually, I think Billy was being a smartass and referring to 2000
    Anno Domini.

    Laura
    --
    I am Dyslexia of Borg,
    Your ass will be laminated.
     
    Laura A. Robinson, Sep 25, 2003
    #7
  8. Rob

    Jtyc Guest

    > Actually, I think Billy was being a smartass

    Are you implying that Billy is smart?
     
    Jtyc, Sep 25, 2003
    #8
  9. "Jtyc" <> wrote in message
    news:...
    > > Actually, I think Billy was being a smartass

    >
    > Are you implying that Billy is smart?


    I think she meant that Billy's ass will smart after she gets through with
    him.

    --
    Fris "I'm next in line" bee® MCNGP #13

    http://www.mcngp.tk
    The MCNGP Team - We're here to help
     
    Frisbee® MCNGP, Sep 25, 2003
    #9
  10. Rob

    billyw Guest

    We used to have a circus performer called Billy Smart ... it was a circus
    every Christmas.. it was shite

    "Jtyc" <> wrote in message
    news:...
    > > Actually, I think Billy was being a smartass

    >
    > Are you implying that Billy is smart?
    >
    >
     
    billyw, Sep 25, 2003
    #10
  11. Rob

    billyw Guest

    As long as I don't need to squeal like a pig

    "Frisbee® MCNGP" <bhilemanATdasiDASHsoftwareDOTcom> wrote in message
    news:...
    > "Jtyc" <> wrote in message
    > news:...
    > > > Actually, I think Billy was being a smartass

    > >
    > > Are you implying that Billy is smart?

    >
    > I think she meant that Billy's ass will smart after she gets through with
    > him.
    >
    > --
    > Fris "I'm next in line" bee® MCNGP #13
    >
    > http://www.mcngp.tk
    > The MCNGP Team - We're here to help
    >
     
    billyw, Sep 25, 2003
    #11
  12. Rob

    huntleyjr Guest

    I also have been getting the same 675 & 677 errors in my Security log.
    I have spent hours at the Knowledge Base trying to find out how to
    eliminate this problem. Being a bank, I need to get these off my
    security log! I verified that time differences were not the problem.
    One article said it could be pass-through authentication to an NT4.0
    resource. However, they said Service Pack 2 took care of the problem.
    All Win2k machines are at SP4.



    I hope someone can help with this problem.



    Jim


    --
    Posted via http://dbforums.com
     
    huntleyjr, Oct 28, 2003
    #12