Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Anyone know why I'm getting these security errors?

Posted on 2006-10-30
6
Medium Priority
?
2,798 Views
Last Modified: 2007-12-19
This client has an SBS 2003 box (not yet SP-1'd I just noticed). I was asked to identify the cause of all of the errors in the security event log. I've never seen these so I'm wondering if anyone can piont me in the right direction for a solution so I don't re-create the discovery wheel from scratch. Thanks for any help.

Here are 3 examples of what I'm seeing. There appear to several different security errors and there are about seceral dozen being logged per day:


Source: Security
Category: Account Logon
Event ID: 673
Description: Failure Code: 0x25


Source: Security
Category: Logon/Logoff
Event ID: 537
Description: An error occured during logon.
Status code: 0xC000006D
Substatus code: 0xC0000133


Source: Security
Category: Logon/Logoff
Event ID: 537
Description: An error occured during logon.
Status code: 0x000006D
Substatus code: 0xC0000133
0
Comment
Question by:WineGeek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17837897
Event 537 errors usually are caused by incorrectly configured time synchronization.  Because Kerberos security relies on system clocks being synchronized (within 5 minutes of eachother) if the workstations are not getting their time settings from the server, then this can be a problem.  If these just happened last night, then it could be due to the change from daylight savings time.

To configure an authoritative time server, please see: http://support.microsoft.com/kb/816042

FYI, for any EVENT that you are unaware of, you should always check www.eventid.net

Jeff
TechSoEasy

0
 

Author Comment

by:WineGeek
ID: 17837947
Thanks Jeff. Yeah, eventid.net is and was my first stop and they had nothing on the one I looked up. No, these have been happening for some time I've been told. I'll check out your link now.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17838095
Well, next time, you might want to read a bit slower... (or search a busy page for the actual Status Code)

http://www.eventid.net/display.asp?eventid=537&eventno=194&source=Security&phase=1  has the following info:

The "Connecting to" line gives you fully qualified domain name and IP address of the SBS server that is providing time synchronization. It also provides the port (123) that the Windows Time Service is utilizing. You can find more information by reading M314054".

This problem might also be caused by a “loopback check” security feature that is designed to help prevent reflection attacks on your computer. This feature was introduced in Windows XP SP2 and Windows Server 2003 SP1. Read M896861 for information on resolving this problem.

See MSW2KDB for additional information on this event.

(although I you didn't post the "connecting to" details of your event messages... so I can't be sure if you skipped these due to them not matching exactly).

Jeff
TechSoEasy
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:WineGeek
ID: 17846572
I'm looking through several of these logged events and I'm not seeing anywhere in any of them any reference to "Connecting to." Where should I see this "Connecting to" you referred to?
0
 

Author Comment

by:WineGeek
ID: 17846593
Also, I read that article about setting a time server, and it was already set in the registry when I checked on that. So I'm guessing this is not a time-related issue.... maybe....
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 17846872
Sorry, that was my error in reading the EventId.net article too quickly... (although you could have clicked the link above to see the complete article to understand the context of "connecting to").  But essentially it's possible it's the second part of what I clipped from there anyhow... which is the loopback check, and the reference to http://support.microsoft.com/kb/896861

Jeff
TechSoEasy

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question