Failure Audit Security Event ID: 675 Pre-Authentication Failed krbtgt/[domain]

A few users have had some difficulties logging into the network this morning.  I check the event log and noticed a few instances of the following.  This event was followed by Event ID: 529 by the users having trouble.  I was able to get the users logged into after stopping and starting the Kerberos service, but I would like to find the cause of the problem.  Anyone have any ideas?  Thanks in advance for any help.

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
User: SYSTEM
Computer: SERVER(PDC)

Pre-authentication failed:
User Name: Administrator
User ID: [domain]\administrator
Service Name: krbtgt/[domain]
Pre-Authentication Type: 0x2
Failure Code: 0x18
Client Address: 127.0.0.1
AzagThotheAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

 
ian_chardCommented:
There's some good explanation on this event here, with some things for you to consider:

http://eventid.net/display.asp?eventid=675&eventno=62&source=Security&phase=1

Good luck
Ian
0
 
AzagThotheAuthor Commented:
I may have found the problem.  We have a backup DC that is running in another building.  I noticed yesterday that it was turned off.  It seems to have been either off or not replication for several months, meaning that it was tombstoned and AD replications have not been occuring.  I just recently started this position and I am still trying to get a feel for the network.  Some of the users were more then likely trying to authenticate with the backup dc with new passwords.

I am now running into another issue with "repadmin".

I determined that the backup dc that I turned on yesterday is the cause of some 2042 directory service event ids, using repadmin /showrepl.  I am getting an invalid arguments error when I try to use the repadmin /removelingeringobjects command.  I do not want to force a replication through the registry before lingering objects are deleted.  Can anyone give me any tips here?
0
 
ian_chardCommented:
Here's the Technet article on what to do in your situation:

http://technet2.microsoft.com/WindowsServer/en/Library/34c15446-b47f-4d51-8e4a-c14527060f901033.mspx

Cheers
Ian
0

Experts Exchange Solution brought to you by ConnectWise

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.