Solved

continuous audit failures when exchange server tries to communicate with domain controller

Posted on 2006-06-14
Last Modified: 2008-02-01
Type:            Audit Failure
Date:            6/14/2006
Time:            9:39:21 AM
Event:            566
Source:            Security
Category:      Directory Service Access
User:            WORKGROUP\MAIL2$
Computer:      SERVER3
Description:
Object Operation:
      Object Server:      DS
      Operation Type:      Object Access
      Object Type:      {bf967a8b-0de6-11d0-a285-00aa003049e2}
      Object Name:      {9f4c3340-3a99-4da9-9f2a-f450ac01ceb4}
      Handle ID:      -
      Primary User Name:      SERVER3$
      Primary Domain:      WORKGROUP
      Primary Logon ID:      (0x0,0x3E7)
      Client User Name:      MAIL2$
      Client Domain:      WORKGROUP
      Client Logon ID:      (0x0,0x1F771B6)
      Accesses:      Read Property
                  
      Properties:
      ---
            {771727b1-31b8-4cdf-ae62-4fe39fadf89e}
                  {bf967a6f-0de6-11d0-a285-00aa003049e2}
            {e48d0154-bcf8-11d1-8702-00c04fb96050}
                  {bf9679e5-0de6-11d0-a285-00aa003049e2}
      {bf967a8b-0de6-11d0-a285-00aa003049e2}
      Additional Info:      
      Additional Info2:      
      Access Mask:      0x10


This login failure keeps happening all the time, flooding my event log with failure audits on my domain controller. The computer causing the failure is my Exchange server. Any thoughts?

Question by:tccfadmin
15 Comments
 
LVL 12

Expert Comment

by:Mazaraat
ID: 16907219
The log says the user mail2 from workgroup does not have access to the Active Directory... Is your mail server in a workgroup? How long have you been getting these errors? There should be a host of errors on the Exchange server also...
0
 
LVL 1

Author Comment

by:tccfadmin
ID: 16911762
My mail server is in the same domain as my domain controller. What kind of errors would I get on the Exchange server? Would it be giving me NDRs, like the ones I am having in my other question I have posted? I just took over for someone here as the network admin. This problem started after I changed the administrator password, but the mail server is still functioning. I just keep getting these audit failures, and on my Exchange server I'm getting NDR errors, which is in my other ticket here.

http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21886745.html

Any ideas?
0
 
LVL 1

Author Comment

by:tccfadmin
ID: 16911893
Oh, my domain is called workgroup, btw. It was named that long before I got here.
0
 
LVL 12

Expert Comment

by:Mazaraat
ID: 16916648
Let's start with running these from your DC: dcdiag and netdiag. Post the results. And do an IPCONFIG /ALL from both the DC and the Exchange server, and post the results.

0
 
LVL 1

Author Comment

by:tccfadmin
ID: 16919677
OK, here is the dcdiag information from the DC the server is having problems with. I have another DC as well, but the mail server communicates with it fine, so I guess running the tools on that one would be pointless. Here is the dcdiag summary:


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\SERVER3
      Starting test: Connectivity
         ......................... SERVER3 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\SERVER3
      Starting test: Replications
         ......................... SERVER3 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER3 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER3 passed test NetLogons
      Starting test: Advertising
         ......................... SERVER3 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER3 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER3 passed test RidManager
      Starting test: MachineAccount
         ......................... SERVER3 passed test MachineAccount
      Starting test: Services
         ......................... SERVER3 passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER3 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER3 passed test frssysvol
      Starting test: frsevent
         ......................... SERVER3 passed test frsevent
      Starting test: kccevent
         ......................... SERVER3 passed test kccevent
      Starting test: systemlog
         ......................... SERVER3 passed test systemlog
      Starting test: VerifyReferences
         ......................... SERVER3 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : workgroup
      Starting test: CrossRefValidation
         ......................... workgroup passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... workgroup passed test CheckSDRefDom

   Running enterprise tests on : workgroup.godebtfree.com
      Starting test: Intersite
         ......................... workgroup.godebtfree.com passed test Intersite
      Starting test: FsmoCheck
         ......................... workgroup.godebtfree.com passed test FsmoCheck


OK, here is netdiag:


    Computer Name: SERVER3
    DNS Host Name: server3.workgroup.godebtfree.com
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 6 Model 11 Stepping 1, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : server3
        IP Address . . . . . . . . : 10.33.50.140
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.33.50.130
        Dns Servers. . . . . . . . : 10.33.50.140
                                     10.33.50.136


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{E808F995-ACAF-4E4E-921A-769E1164F835}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.33.50.140' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '10.33.50.136' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{E808F995-ACAF-4E4E-921A-769E1164F835}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{E808F995-ACAF-4E4E-921A-769E1164F835}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


Here is ipconfig for the server:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server3
   Primary Dns Suffix  . . . . . . . : workgroup.godebtfree.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : workgroup.godebtfree.com
                                       godebtfree.com

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel 8255x-based PCI Ethernet Adapter (10/100)
   Physical Address. . . . . . . . . : 00-06-5B-3F-2F-4A
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.33.50.140
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.33.50.130
   DNS Servers . . . . . . . . . . . : 10.33.50.140
                                       10.33.50.136




ipconfig for the mail server

Windows IP Configuration

   Host Name . . . . . . . . . . . . : MAIL2
   Primary Dns Suffix  . . . . . . . : workgroup.godebtfree.com
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : workgroup.godebtfree.com
                                       godebtfree.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-11-43-DB-44-80
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.33.50.135
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.33.50.130
   DNS Servers . . . . . . . . . . . : 10.33.50.140
                                       10.33.50.136

That is all the information you requested. Thank you for all the help so far.






0
 
LVL 4

Accepted Solution

by:
ansh_gupta earned 500 total points
ID: 16920400
I think that the Exchange server is trying to query AD for some info and it does not have any rights on that particular object with the GUID {9f4c3340-3a99-4da9-9f2a-f450ac01ceb4}.

I think some permissions for the Exchange server account may be missing from AD. To make sure about the membership of the Exchange server in the right groups, I would say run domainprep from the Exchange setup. That will reset the Exchange computer account group membership to start with. If that does not resolve the issue, then we may need to use adsiedit, probably. Let me know what you think about this.
0
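A way to triage the flood described in the question and the accepted answer, as an added example that is not part of the original thread: it parses the description text of event 566 in the layout posted above and counts failures per distinct denied request, so the one account, object GUID and property set behind the noise stand out. The function names and the second client HOST9$ are assumptions made for illustration.

```python
import re
from collections import Counter

GUID = re.compile(r"\{[0-9a-fA-F-]{36}\}")
FIELD = re.compile(r"^\s*([A-Za-z0-9 ]+?):\s+(\S.*?)\s*$")

# Description of the event 566 posted in the question, trimmed to the fields used here.
SAMPLE = """\
Object Type:      {bf967a8b-0de6-11d0-a285-00aa003049e2}
Object Name:      {9f4c3340-3a99-4da9-9f2a-f450ac01ceb4}
Client User Name:      MAIL2$
Client Domain:      WORKGROUP
Accesses:      Read Property
Properties:
---
      {771727b1-31b8-4cdf-ae62-4fe39fadf89e}
            {bf967a6f-0de6-11d0-a285-00aa003049e2}
      {e48d0154-bcf8-11d1-8702-00c04fb96050}
            {bf9679e5-0de6-11d0-a285-00aa003049e2}
{bf967a8b-0de6-11d0-a285-00aa003049e2}
Access Mask:      0x10
"""

def parse_566(description):
    """Return the 'Name: value' fields plus the GUIDs listed under Properties."""
    event, in_props = {"Properties": []}, False
    for line in description.splitlines():
        m = FIELD.match(line)
        if m:                                  # a normal field ends the Properties list
            in_props = False
            event[m.group(1).strip()] = m.group(2)
        elif line.strip() == "Properties:":
            in_props = True
        elif in_props and GUID.fullmatch(line.strip()):
            event["Properties"].append(line.strip().strip("{}").lower())
    return event

def flood_key(event):
    """One denied request: who asked, which access, which object, which properties."""
    client = event.get("Client Domain", "") + "\\" + event.get("Client User Name", "")
    obj = event.get("Object Name", "").strip("{}").lower()
    return (client, event.get("Accesses"), obj, tuple(sorted(event["Properties"])))

def summarize(descriptions):
    """Count audit failures per distinct denied request, most frequent first."""
    return Counter(flood_key(parse_566(d)) for d in descriptions).most_common()

if __name__ == "__main__":
    # HOST9$ is a constructed second client, added to show the grouping.
    print(summarize([SAMPLE] * 3 + [SAMPLE.replace("MAIL2$", "HOST9$")]))
```

The GUIDs are left unresolved on purpose: the object and property GUIDs in the key still have to be looked up in the directory to see which object's permissions the account is missing.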
 
LVL 1

Author Comment

by:tccfadmin
ID: 16920722
If I run domain prep, is that going to totally screw up my Exchange setup? :) I mean, it is functioning right now, it's just gotta be fixed. Last thing I want is 2000 events a day with this annoying message. If I run domain prep, will the mail server still be functional?

rob
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16920761
Yes, there will be no issues. What domain prep will do is mentioned in the article

http://www.microsoft.com/technet/prodtechnol/exchange/2000/maintain/preputil.mspx
0
 
LVL 1

Author Comment

by:tccfadmin
ID: 16920791
Will it take my mail server down temporarily? Everyone is using it right now. If I can run it in the background, that would be great.
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16920805
No, it will not do anything. Exchange will be available. Go through the link.
0
 
LVL 1

Author Comment

by:tccfadmin
ID: 16920863
Alright, going to run domain prep now. Will keep you posted.
0
 
LVL 1

Author Comment

by:tccfadmin
ID: 16920926
Hey, one other thing. When I run domain prep off the CD, I'm running it on the Exchange server, correct?
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16920960
yes
0
 
LVL 1

Author Comment

by:tccfadmin
ID: 16921078
OK, I ran it. It went pretty fast. Let's see if I get the error; will repost shortly.
0
 
LVL 4

Expert Comment

by:ansh_gupta
ID: 16921139
sure
0
