Solved

Event 7 in KDC and server stops authenticating.

Posted on 2007-03-26
11
4,315 Views
Last Modified: 2012-05-05
Hello,
I am having problems with my windows2003 SBS. every few days, I get the following errors in the event log and the server stops authenticating users:

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxx$@xxxx.COM and lookup type 0x28.

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxxx and lookup type 0x8.

Any ideas of what couldbe causing this?
0
Comment
Question by:ymash
  • 5
  • 4
11 Comments
 
LVL 3

Expert Comment

by:fpthree
ID: 18796526
Have you recently tried to change a password on an administrative account?
Possibly an account that was used on a server to install software & services?
Or maybe a product attempting to authenticate to your servers AD? Someone such as IBM iSeries/AS400 would own a product that uses Kerberos to authenticate with AD.
KDC is Key Distribution Center (AD uses Kerberos). It's a tolken or 'ticket' distributed between server and client.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18796547
You may want to run Netdiag (netdiag /test:kerberos /v) and DCdiag and check for Kerberos consistency. Post the results and we'll go from there.
0
 
LVL 1

Author Comment

by:ymash
ID: 18797121
Hello,
TO give you more background about the environemnt. This is a small business server, it is the only server on the network, and a few months ago we had a huge virus out break (could be related). I've had many problems with this server ever since the virus out break. Could this be caused by a virus on the client machines? THere are 2 users that I see with this error message everytime and the server stops working right after.
here is the output of the netdiag:


    Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing Kerberos authentication... Passed

    Tests complete.


    Computer Name: CALREAL-1
    DNS Host Name: CALREAL-1.calreal.com
    DNS Domain Name: calreal.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          KB925398_WMP64
           Yes          KB931836
           Yes          Q147222
           No           ServicePackUninstall


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:

    ---------------------------------------------------------------------------
    Description: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
    Device: \DEVICE\{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    05:50:25
    Media Speed:                     100 Mbps

    Packets Sent:                    624026
    Bytes Sent (Optional):           0

    Packets Received:                435808
    Directed Pkts Recd (Optional):   423179
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : Server Local Area Connection
        Adapter ID . . . . . . . . : {2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

        Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : CALREAL
    Dns domain name. . . . . . . . : calreal.com
    Dns forest name. . . . . . . . : calreal.com
    Domain Guid. . . . . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
    Domain Sid . . . . . . . . . . : S-1-5-21-3550455975-2051905957-2350562184
    Logon User . . . . . . . . . . : administrator
    Logon Domain . . . . . . . . . : CALREAL


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}
    1 NetBt transport currently configured.


Kerberos test. . . . . . . . . . . : Passed

    Find DC in domain 'CALREAL':
    Found this DC in domain 'CALREAL':
        DC. . . . . . . . . . . : \\CALREAL-1.calreal.com
        Address . . . . . . . . : \\192.168.1.200
        Domain Guid . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
        Domain Name . . . . . . : calreal.com
        Forest Name . . . . . . : calreal.com
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
    Cached Tickets:


The command completed successfully


thanks,
Yanal
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18802058
Well it doesn't appear as though it's AD, DNS, or Kerberos related. And you don't have any active or cached certificates. Is it possible that these workstations are using certificates of some sort?
Possibly WinXP workstations with IIS installed?
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18802072
Do you use these workstations for RDP? Or have the IIS Remote Desktop Website enabled?
Or do they access a VPN that uses a trusted certificate?
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 1

Author Comment

by:ymash
ID: 18805481
the workstation that is causing issues is a windows2000 pro machine. I have cisco VPN, it doesn't use certificates and I RDP to the server using a windowsXP pro machine.
0
 
LVL 1

Author Comment

by:ymash
ID: 18848187
I'm still having this issue. does anyone have any other suggestions?
0
 
LVL 1

Author Comment

by:ymash
ID: 19796332
I opened a ticket with Microsoft. Another tech in another case had me enable some monitoring software and forgot to tell me that it should be removed. After uninstalling it, everything is working fine.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 20294324
PAQed with points refunded (250)

Computer101
EE Admin
0
 
LVL 1

Author Comment

by:ymash
ID: 20296341
Thanks.
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now