Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

676 AUDIT FAILURE- error message with Supplied Realm Name

Posted on 2006-07-07
8
Medium Priority
?
601 Views
Last Modified: 2008-02-01
Hello,

Recently an employee has left the company and I get these error messages either late at night or early morning.  This employee username and email has been removed from the system.  The server that the account is trying to access is the email server.  Here is the error message, I had change up the username and Supplied Realm Name which has the Domain info.  

Is there a service trying to access this employee's account?

676,AUDIT FAILURE,Security NT AUTHORITY\SYSTEM,Authentication Ticket Request Failed,    User Name:  John Doe  Supplied Realm Name: AB Domain

Thanks for your help.
0
Comment
Question by:g000se
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 11

Author Comment

by:g000se
ID: 17058302
**change on 3rd sentence:  The account is trying to access the email server.

Haven't finish getting caffine into my system.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17058533
676 audit failure usually indicates someone is trying to access. There should also be a failure code indicating why access was denied. Probably in this case #6 indicating an invalid username.
Other than the fact that his is at an odd time of day it might be quite innocent. Does the user have a remote PC or laptop on which the mail account might not have been disabled? If so the computer may just be attempting to do a routine mail download.
0
 
LVL 11

Author Comment

by:g000se
ID: 17058786
Thanks for your reply RobWill.

This person may have a laptop that was configured to connect to our email server.

Last Friday I had tried to access our webmail using the disabled account and was able to generate the same error message.

This person's username has been removed but their email address has been added to on the other folk's smtp.

It just seems odd for the error message to show up after this person has left.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 77

Expert Comment

by:Rob Williams
ID: 17058858
>>"seems odd for the error message to show up after this person has left."
Definitely, but as mentioned may be due to the mail account still existing on the laptop. Can you contact them and just explain that the account should be removed as it is "cluttering" your log file.
Then again it could be an intentional attempt. Perhaps with no success they will stop. However, if they were trying to hack your system you would think they might try more than just the mail server.
0
 
LVL 11

Author Comment

by:g000se
ID: 17059660
Very true, I just don't want to jump ahead of myself and think this person is hacking.
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 1500 total points
ID: 17059724
See if it continues. If it is at a somewhat regular time each day indicating it is probably normal use of the laptop, you may want to give them a call.
Do you get frequent attempts in a short period of time? This might indicate hacking. If frequent but very regular intervals, such as every 15 minutes it might indicate auto-mail downloading.
Tough call.
0
 
LVL 11

Author Comment

by:g000se
ID: 17307811
thanks
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17307849
Thanks g000se,
--Rob
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question