NT AUTHORITY\SYSTEM,Logon Failure, how can I fix this

Posted on 2004-04-14
Last Modified: 2013-12-04
NT AUTHORITY\SYSTEM,Logon Failure shows up under Event ID 537.  How can I address this event so it doesn't happen again?

Question by:g000se
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 84

Expert Comment

ID: 10826493
You're a bit sparse with information here. When does that error show up? On which Windows version(s) does it show up? What is the exact error text in the event viewer?
LVL 11

Author Comment

ID: 10827693
Sorry about that.  Windows 2000 server, service pak 4.  

537,AUDIT FAILURE,Security,Thu Apr 08 12:37:28 2004,NT AUTHORITY\SYSTEM,Logon Failure:     Reason:  An unexpected error occurred during logon     User Name:      Domain:       Logon Type: 3     Logon Process: Kerberos     Authentication Package: Kerberos     Workstation Name: -  

Thanks for your help.
LVL 84

Accepted Solution

oBdA earned 250 total points
ID: 10828084
At which occasions does this error occur, and is there anything else running on that machine (Exchange, IIS, ...)?
I'm afraid I have no real ideas at the moment; check out those maybe:

Event ID: 537

Active directory logon/logoff problem
Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

LVL 11

Author Comment

ID: 10834974
The server is a DC, with Wins secondary, dhcp, and global catalog, file and print sharing as well.
LVL 11

Author Comment

ID: 10835960
Thanks for the link.  It has been very useful.
LVL 84

Expert Comment

ID: 10837564
Glad you could solve it with the bit of information I was able to provide; may I ask what the problem was?
LVL 11

Author Comment

ID: 10891685
The link to the  helped me to better troubleshoot the issue, because users were prompted to change their passwords.  :)

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Monitoring software... 2 76
If cmd & Powershell is blocked, can users still run tools from Taskmgr or other means 9 168
Password reset 1 54
Wannacry 44 101
Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question