Solved

Getting a lot of Kerberos error messages from the same client every day!!!

Posted on 2004-04-26
Last Modified: 2011-08-18
Hi, here are the log files from the security log.

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            26-04-2004
Time:            09:45:22
User:            NT AUTHORITY\SYSTEM
Computer:      STOHNSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      192.168.0.21
       Source Port:      0


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------------------------------------------------------------

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            26-04-2004
Time:            09:45:21
User:            NT AUTHORITY\SYSTEM
Computer:      STOHNSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      192.168.0.21
       Source Port:      1212


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------------------------------------------------------

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            26-04-2004
Time:            09:45:21
User:            NT AUTHORITY\SYSTEM
Computer:      STOHNSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      192.168.0.21
       Source Port:      1208


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------------------------------------------------

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            26-04-2004
Time:            09:21:41
User:            NT AUTHORITY\SYSTEM
Computer:      STOHNSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      192.168.0.21
       Source Port:      1099


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-------------------------------------------

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            26-04-2004
Time:            09:21:20
User:            NT AUTHORITY\SYSTEM
Computer:      STOHNSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      192.168.0.21
       Source Port:      1093


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

----------------------------

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            26-04-2004
Time:            09:21:19
User:            NT AUTHORITY\SYSTEM
Computer:      STOHNSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      192.168.0.21
       Source Port:      1090


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


------------------------------------------

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            26-04-2004
Time:            09:20:46
User:            NT AUTHORITY\SYSTEM
Computer:      STOHNSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      192.168.0.21
       Source Port:      0


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------------------------------------------------

And there are many more....

It's only from this one computer with the IP 192.168.0.21. What's the problem? Does anybody know? How can I find out? Are these log files helpful at all?


Best regards,

Zoodiaq

Expert Comment

by:JamesDS
ID: 10916590
Zoodiaq
Kerberos has minimum requirements for timesync, make sure the clock on the problem PC is timesync'd to within 4 seconds.

From the problem machine run:

NET TIME /SET /YES
and it will sync straight to a domain controller.

Cheers

JamesDS
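
The substatus 0xC0000133 in the events quoted in the question is STATUS_TIME_DIFFERENCE_AT_DC, which is what ties these failures to clock skew rather than to bad credentials. As an added example (not part of the original thread), this Python sketch parses Event Viewer text in that layout and groups event 537 failures by source address and substatus; the sample text and the 192.168.0.50 host are constructed.

```python
import re
from collections import Counter

# NTSTATUS substatus names (from ntstatus.h) that matter for this triage.
NTSTATUS = {0xC0000133: "STATUS_TIME_DIFFERENCE_AT_DC",
            0xC000006A: "STATUS_WRONG_PASSWORD"}

# Constructed sample in the Event Viewer text layout quoted in the question;
# the 192.168.0.50 event is invented for contrast.
SAMPLE = """\
Event ID:      537
       Substatus code:      0xC0000133
       Source Network Address:      192.168.0.21
--------------------
Event ID:      537
       Substatus code:      0xC0000133
       Source Network Address:      192.168.0.21
--------------------
Event ID:      537
       Substatus code:      0xC000006A
       Source Network Address:      192.168.0.50
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):[ \t]*(.*?)\s*$")

def parse_events(text):
    """Split on dashed separator lines; return one field dict per event."""
    events = []
    for chunk in re.split(r"^-{3,}[ \t]*$", text, flags=re.M):
        matches = (FIELD.match(line) for line in chunk.splitlines())
        fields = dict(m.groups() for m in matches if m)
        if "Event ID" in fields:
            events.append(fields)
    return events

def triage(text):
    """Count event 537 logon failures per (source address, substatus name)."""
    counts = Counter()
    for ev in parse_events(text):
        raw = ev.get("Substatus code", "")
        if ev["Event ID"] != "537" or not raw.lower().startswith("0x"):
            continue  # skip other events and empty or "-" substatus fields
        name = NTSTATUS.get(int(raw, 16), raw)
        counts[(ev.get("Source Network Address", "?"), name)] += 1
    return counts

def skewed_hosts(text):
    """Sources failing on clock skew rather than on credentials."""
    return sorted({src for src, name in triage(text)
                   if name == NTSTATUS[0xC0000133]})
```

A source that appears in `skewed_hosts` needs its time synchronization checked; one that only shows credential substatus values is a separate investigation.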

Author Comment

by:Zoodiaq
ID: 10917618
Yes, that seems to be the problem.

I looked on the client computer, which is running Windows XP, and there are two events showing up all the time.

Event Type:      Error
Event Source:      W32Time
Event Category:      None
Event ID:      29
Date:            26-04-2004
Time:            14:05:56
User:            N/A
Computer:      Computername
Description:
Tidsprovideren NtpClient er konfigureret til at hente tid fra en eller flere tidskilder, men ingen af kilderne er tilgængelige i øjeblikket.  Der forsøges ikke at oprette forbindelse til en kilde i 239 minutter. NtpClient har ingen kilde til korrekt tid.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------

The description is in Danish, but it says that the time provider NtpClient is configured to get the time from one or more time sources, but none of the sources are available at the moment. The system will not try to make a connection to a source for 239 minutes. The NtpClient doesn't have a source for correct time. (This is just my poor translation)

The other event is the following:

Event Type:      Warning
Event Source:      W32Time
Event Category:      None
Event ID:      14
Date:            26-04-2004
Time:            14:05:56
User:            N/A
Computer:      TOMMY01
Description:
Tidsprovideren NtpClient kunne ikke finde en domænecontroller, der kan bruges som  tidskilde. Der forsøges igen om 240 minutter.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

-----------------

The description says: The time provider NtpClient could not find any domain controller which can be used as a time source. The system will try again in 240 minutes.
------------------

The strange thing is that this is the only client that has this problem. All client machines run a script when the users log in, which includes the command you wrote, JamesDS: NET TIME /SET /YES. I already had this in the logon script.

Why is only this computer behaving weird?

Regards,

Zoodiaq

Accepted Solution

by:
JamesDS earned 250 total points
ID: 10917656
Zoodiaq
Sometimes the time server gets confused - here's how to fix it:

Fixing timesync is different according to the machine type...

Members of the Active Directory sync with their local DC (local as in local AD site). The DCs then sync with the PDCEmulator, so the PDCE is the root of all time - as it were!

Diagnosis of timesync errors is difficult, but do not be tempted to use NET TIME /SETSNTP: on all machines in the domain (as suggested to many questions like this one, unless it's a PDCE), as it specifically overrides the natural internal operation of the time service within Active Directory.

These commands are written for Windows 2003 and Windows XP. There are some equivalents for Windows 2000; use W32tm /? or W32Time /? from the command line to look for alternatives on older OSs.

Use NET TIME /SETSNTP:
to clear any entry and return to the default settings

Use NET TIME /SET /YES
to synch NOW with your authenticating DC and begin the diagnosis:

Start by verifying your domain is synching AD by using REPLMON.EXE in the support tools pack on the Windows installation CD.


If this is OK then run this from the command line:
W32TM /monitor

to ensure that each member server/workstation is actually pointing to a DC.

If this is OK then run this from the command line:
W32TM /resync /rediscover

followed by:
W32TM /resync /nowait

and check the system eventlog for W32TIME errors. This process does a full reset and recheck of the time system as it relates to one member machine on your AD.

Post any errors here

Explanation of why it doesn't always instantly set the right time:
Timesync works as follows:

If the local clock time of the time client is behind the current time received from the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is more than three minutes ahead of the time on the time server, W32Time will change the local clock time immediately.
If the local clock time of the time client is less than three minutes ahead of the time on the server, W32Time will quarter or halve the clock frequency for long enough to bring the clocks into sync. If the client is less than 15 seconds ahead, it will halve the frequency; otherwise, it will quarter the frequency. The amount of time the clock spends running at an unusual frequency depends on the size of the offset that is being corrected.

W32Time will periodically check its local time with the current time by connecting to the time source. This process starts as soon as the service turns on during system start-up. W32Time attempts synchronization every 45 minutes until the clocks have successfully synchronized three times. When the clocks are correctly synchronized, W32Time then synchronizes at eight-hour intervals, unless there is a failure to obtain a timestamp, or a validation failure. If there is a failure, the process starts over from the beginning.

Set it by hand as close as you can and then simply leave it to sort itself out.


Cheers

JamesDS

Author Comment

by:Zoodiaq
ID: 10933438
Thx JamesDS for the answer. I think I've solved the problem.